vultisig-sdk

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Vultisig wallet skill, but it is designed to let an agent create wallets and move or swap real cryptocurrency without mandatory human approval.

Install only if you intentionally want an agent to manage cryptocurrency. Start with a new low-value vault, prefer Secure Vault or explicit per-transaction approval for sends and swaps, set spend limits and recipient allowlists where possible, avoid importing existing seed phrases, protect vault backups and passwords, and pin or verify the SDK package before using it with real funds.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 94%
Finding
The skill description is extremely broad: it claims applicability to creating wallets, sending transactions, swapping tokens, checking balances, and "any on-chain operation" across many chains. In an agent routing context, this can cause the skill to be invoked for loosely related wallet/blockchain requests, increasing the chance that an autonomous agent selects a high-risk financial-action skill without strong user confirmation or narrower scoping.

Missing User Warnings

High
Confidence: 97%
Finding
The skill prominently enables fully autonomous wallet management and irreversible on-chain actions, including Fast Vault operation with automatic server co-signing and no human approval, but it does not place a clear upfront warning at the top about financial loss, irreversible transfers, approval risks, and seed/backup sensitivity. In this context, missing an explicit front-loaded warning is dangerous because the skill is designed for real asset movement, and an agent may proceed to create, sign, approve, or broadcast transactions before the user appreciates the financial consequences.

VirusTotal

64/64 vendors flagged this skill as clean.
