Back to skill

Security audit

Crypto

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed crypto lookup helper that uses public APIs and RPC endpoints, with privacy considerations around wallet and name lookups but no evidence of hidden, persistent, destructive, or credential-seeking behavior.

Install this if you are comfortable with a crypto helper sending token symbols, wallet addresses, ENS/Basename identifiers, and similar lookup terms to public third-party services. Do not provide private keys or seed phrases; this skill does not need them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill advertises itself for broadly defined 'any blockchain data lookup' requests, which can cause over-invocation outside a narrowly scoped crypto-pricing context. In practice this increases the chance that wallet addresses, ENS names, or other user-supplied identifiers are sent to third-party endpoints when the user did not clearly request that external lookup.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The instruction to 'resolve it automatically' for any provided name in a crypto context is ambiguous and can trigger external resolution for loosely related mentions without clear consent. That creates privacy and correctness risks by sending human-readable names to third-party services and by acting on text that may not actually be intended as a resolvable blockchain identifier.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The wallet balance and name-resolution workflow instructs the agent to send wallet addresses and ENS/Basename identifiers to public RPCs and third-party APIs without any privacy warning or user-consent step. Even though blockchain data is public, querying these services can expose user interest, cluster activity, or sensitive associations to external providers.

VirusTotal

57/57 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.