OWS - Open Wallet Standard

Security checks across malware telemetry and agentic risk

Overview

This wallet skill is coherent, but it gives agents spend-capable signing and payment commands without explicit per-transaction confirmation safeguards.

Install only if you intentionally want an agent to interact with an OWS wallet. Use a dedicated low-balance wallet, verify the OWS CLI separately, configure spending limits and chain allowlists, and require manual review of wallet, chain, destination, amount, URL, and decoded transaction or message details before any signing or payment command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 86%
Finding
The skill explicitly advertises signing transactions and making x402 payments, which are financially sensitive and potentially irreversible actions, but it does not include clear user-facing warnings, confirmation requirements, or guidance to verify transaction details before execution. In an agent setting, this increases the risk that a user or upstream prompt causes unintended signing or payment behavior without appreciating the consequences.

VirusTotal

64/64 vendors flagged this skill as clean.
