Security audit
FarmDash Autonomous Operator
Security checks across malware telemetry and agentic risk
Overview
This is a disclosed DeFi session and autopilot coordination skill with financial risk, but the artifacts do not show hidden execution, key theft, malware, or deceptive behavior.
Install only if you trust FarmDash to coordinate DeFi agent sessions. Keep budgets and allowlists tight, require explicit wallet approvals for any transaction, and never provide private keys or seed phrases. Treat FARMDASH_API_KEY and sessionToken values as sensitive credentials.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.
