Security audit

XPR Network Dev

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only XPR Network developer guide with high-impact blockchain examples, but the sensitive behavior is purpose-aligned and disclosed.

Install only if you are comfortable reviewing blockchain examples before running them. Use testnet first, avoid pasting production private keys into code or shell commands, keep owner keys offline, use least-privilege permissions for bots, and require explicit confirmation before any mainnet transfer, trade, contract deployment, permission change, or recurring-payment flow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (28)

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The document makes an absolute security claim that the chain key 'NEVER enters process memory,' but later includes fallback examples that explicitly load a private key into memory for signing. In a security-sensitive skill for autonomous agents, this inconsistency can mislead operators into over-trusting the pattern and underestimating residual credential-exposure risk.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The Python example explicitly imports a private key into the running process via `wallet.import_key('mywallet', 'YOUR_PRIVATE_KEY')`. In documentation for blockchain development, this is dangerous because readers often copy examples verbatim, which normalizes insecure key handling and exposes secrets to source control, shell history, logs, process memory, and developer workstations.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The document explicitly warns that all-numeric account names require special handling for `get_table_rows`, but the later `ProtonRPC` service methods pass raw `scope`, `lower_bound`, and `upper_bound` values without applying those safeguards. This creates a reliability and data-integrity flaw where queries for numeric-only accounts silently return wrong or empty results, which can cause incorrect balances, missing profiles, or broken application logic.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The combined query service repeats the same unsafe raw `get_table_rows` pattern despite earlier documentation stating numeric-name workarounds are always required. Because this helper is positioned as a reusable abstraction, downstream developers are more likely to trust it and unknowingly ship logic that mishandles numeric-only account names across multiple query paths.

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The example labels the action as KYC-enforced, but the contract only checks the generic `verified` flag rather than any actual KYC records or level. Developers copying this pattern could incorrectly grant access to users who are merely profile-verified, weakening compliance or access-control logic for regulated or restricted features.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The documentation includes `proton key:reset`, which irreversibly deletes all stored keys, but the surrounding text does not prominently warn readers at the point of use about permanent loss. In a CLI reference used for operational workflows, this can lead to accidental destruction of key material or local wallet state, especially by inexperienced users copying commands verbatim.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The `proton contract:clear` commands remove deployed WASM and/or ABI from a contract account, which is operationally destructive, but the reference presents them as routine commands without a strong warning. A user following the docs could unintentionally disable a live contract or break integrations by clearing code or ABI on the wrong account or network.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The `updateauth` example modifies account authorization and includes permission changes that can affect signing capability and contract execution, but it lacks an explicit warning about misconfiguration and potential account lockout. In blockchain environments, an incorrect permission update can permanently prevent legitimate control of the account or unintentionally broaden authorization.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The swap examples explicitly recommend using `MIN_OUTPUT=1` and even describe it as effectively 'no minimum', which weakens slippage protection and can cause users to accept catastrophically bad execution during volatile conditions, low liquidity, sandwiching, or pool manipulation. In a DeFi trading guide, this is especially dangerous because readers may copy-paste the examples directly into real-money transactions.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The example encourages direct use of a private key in source without a strong warning against embedding credentials. Even as placeholder text, this pattern teaches unsafe secret management and can lead users to paste real keys into scripts, repositories, notebooks, or shared environments where compromise is likely.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The file provides multiple ready-to-run examples for creating collections, minting, transferring, listing, cancelling, and purchasing NFTs that trigger real on-chain state changes, but it does not include warnings that these actions are irreversible, cost RAM/tokens, or should be gated behind explicit user review and confirmation. In a developer skill, this can lead downstream agents or users to submit financially or operationally significant transactions without adequate safeguards.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The IPFS upload example sends file contents and a bearer token to a third-party service without warning about data disclosure, token handling, or the permanence/public nature of IPFS-pinned content. This is risky because developers may upload sensitive files or embed privileged credentials in insecure client-side contexts, resulting in credential theft or unintended data exposure.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Writing a wallet password to `wallet_pass.txt` creates credential material on disk that may be exposed through weak file permissions, backups, shell history, or later mishandling. In a blockchain node / block producer context, leakage of wallet credentials can enable compromise of operational accounts or facilitate further secret exposure.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
Embedding a private key directly in `config.ini` encourages unsafe secret handling and can lead to key disclosure via file reads, backups, support bundles, screenshots, or source control mistakes. For a block producer, exposure of the signing key can enable unauthorized block signing, identity compromise, and severe operational or governance impact.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The subscription example describes a contract and bot that can repeatedly charge users once permission has been granted, but it does not show any strong UX safeguards, explicit consent text, spending limits, or clear revocation guidance at the point of authorization. In a payments skill, that omission is security-relevant because implementers may copy the pattern and deploy recurring billing flows that users do not fully understand, increasing the risk of unauthorized or unexpected repeat charges.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The webhook example forwards blockchain event payloads, including transfer metadata and memo fields, to arbitrary external URLs without any warning about privacy, trust boundaries, or destination validation. In practice, developers may copy this pattern and unintentionally disclose sensitive or user-linked on-chain activity to third parties, especially when memos or account correlations contain personal or business information.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
This section provides actionable commands for creating tokens, buying, selling, and graduating assets involving large on-chain values, but it does not prominently warn users that blockchain transactions are irreversible and may result in permanent fund loss if parameters, account names, memos, token IDs, or slippage limits are wrong. In a skill intended for agent consumption, the lack of explicit transactional safety guidance increases the chance that users or downstream automation will execute high-risk financial actions without adequate confirmation or validation.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The quick-reference section provides ready-to-run commands for staking, unstaking, claiming refunds/rewards, and voting, all of which trigger real on-chain state changes, but it does not include an explicit warning that these actions spend assets, alter staking state, or submit irreversible blockchain transactions. In a developer-facing skill, users may copy and paste commands directly, increasing the chance of accidental execution against a live account or mainnet environment.

Missing User Warnings

Low
Confidence
91% confidence
Finding
The guide includes real testnet deployment and action commands that mutate blockchain state, create accounts, and consume resources, but it does not clearly warn readers that these commands affect a live testnet account and contract state. In a blockchain development context this is not code-execution malware, but it can still cause accidental deployments, unwanted state changes, and resource/token consumption by users who copy-paste commands blindly.

Missing User Warnings

Low
Confidence
95% confidence
Finding
The automated shell script performs deployment plus multiple state-changing on-chain actions against a configured testnet account, yet it lacks an upfront side-effect warning or safety checks. This makes accidental misuse more likely, especially because scripts are often run as-is and can overwrite deployed contracts or alter persistent testnet data.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The batch airdrop example automates irreversible token transfers at scale but does not include safeguards such as recipient validation, dry-run review, batching confirmation, or explicit warnings about the consequences of mistakes. In a blockchain context, a malformed recipient list, wrong token amounts, or use of the wrong signing account can rapidly cause unrecoverable asset loss across many accounts.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The guide tells users to add a private key directly on the command line (`proton key:add PVT_K1_xxxxx`) without warning that shell history, process monitoring, screen recording, or shared terminals can expose the secret. In a blockchain development skill, this is especially risky because leaked private keys can immediately enable unauthorized transactions and asset theft.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The example performs a real signed token transfer and explicitly broadcasts it to a mainnet endpoint, but it does not warn readers that this can move live assets irreversibly. In a developer guide, copy-pasteable examples with production chain IDs and broadcast enabled materially increase the chance of accidental financial loss during testing or learning.

Missing User Warnings

Low
Confidence
82% confidence
Finding
The documentation encourages restoring prior sessions and elsewhere notes localStorage-backed persistence, but it does not warn that shared browsers, kiosks, or reused devices may expose wallet session state. While this is not an exploit by itself, it can contribute to unintended account reuse or privacy leakage in less-controlled environments.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
These examples show broadcasted token transfers, custom contract execution, and combined deposit/stake flows without clearly stating that they trigger real financial or state-changing operations. Because the skill is a blockchain development guide, developers are likely to reuse these snippets directly, making accidental asset movement or unintended contract calls more likely.

VirusTotal

2/65 vendors flagged this skill as malicious, and 63/65 flagged it as clean.

Static analysis

No suspicious patterns detected.