Slv Rpc

Security checks across malware telemetry and agentic risk

Overview

The skill is for legitimate Solana RPC server administration, but it asks agents to run high-impact remote playbooks whose actual contents are not included in the package.

Review this before installing. Use it only if you trust the SLV/ValidatorsDAO toolchain and can inspect the exact ~/.slv/template Ansible playbooks that will run. Limit inventory targets, run Ansible check mode first, confirm any service restarts, ledger deletion, disk formatting, firewall changes, or key-copying steps, and avoid pasting private keys or API secrets into the agent chat.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The README prominently describes deploying, configuring, and managing Solana RPC nodes, including lifecycle operations and source builds, but does not warn that these actions are system-changing and can affect availability, data integrity, cost, and security of remote servers. In an agent-skill context, this omission increases the chance that an AI agent or user invokes destructive or high-impact operations without explicit confirmation or understanding of the consequences.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal