Sponge Wallet

Security checks across malware telemetry and agentic risk

Overview

This is a coherent wallet skill, but it delegates real fund-moving and paid API authority without enough built-in confirmation or safety scoping.

Install only if you are comfortable giving the agent wallet write and transaction-signing authority. Prefer testnet or low-balance wallets; verify recipient, chain, token, amount, slippage, and payment recipient before each action; set paid API calls to review costs where possible; avoid overriding SPONGE_API_URL unless you fully trust the endpoint; and use logout or rotate credentials when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (9)

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding: The README advertises sensitive wallet operations, token transfers, swaps, and paid API access while stating that OAuth credentials are stored locally, but it does not prominently warn users about financial risk, credential sensitivity, or the need to verify destinations and networks before approving actions. In a wallet-management skill, this omission increases the chance of unsafe use, accidental transfers, or mishandling of stored credentials, especially because the README presents setup and usage as simple and routine.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The documentation exposes real fund-transfer functionality for ETH/USDC without prominently warning that transfers are irreversible and move real assets. In an agent skill context, this increases the chance of accidental or socially engineered transfers because users or downstream agents may treat the tool as routine automation rather than a high-risk financial action.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding: The Solana transfer documentation similarly omits a clear warning that sending SOL or USDC causes irreversible asset movement on a live blockchain. Because this skill is specifically designed to manage wallets and transfers, missing warnings materially increase the risk of user confusion, prompt-injection-driven misuse, or operational mistakes that permanently lose funds.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding: Swap operations are documented without emphasizing execution risk, including slippage, price impact, token spoofing, and irreversibility once the swap is submitted. In a wallet-managing agent, this is dangerous because users may initiate trades into illiquid or malicious tokens without understanding that a routing aggregator choosing the best path does not remove market or settlement risk.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding: The sponge interface defaults to auto_pay=true for paid API calls, but the documentation does not prominently warn that ordinary-looking search, crawl, parse, or LLM requests may automatically spend wallet funds. In an agent environment, this is especially risky because untrusted content could induce repeated paid calls, turning prompt injection or misuse into direct financial loss.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The create_x402_payment section describes generating a signed payment payload to an external recipient without clearly warning that this authorizes spending. Because it is a low-level payment primitive, misuse or confusion could cause an agent to sign payments to attacker-controlled recipients or for unintended resources, directly enabling loss of funds.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding: The skill description is overly broad and authorizes generic access to paid API capabilities such as web scraping, document parsing, image generation, and sales prospecting without clear scope limits, approval requirements, or examples of safe use. In an agent setting, this increases the chance of the skill being invoked for unintended external actions or costly third-party requests based on ambiguous user prompts.

Missing User Warnings

Severity: High
Confidence: 95%
Finding: The skill exposes irreversible fund-moving operations including transfers, swaps, and withdrawals, but does not prominently require explicit user confirmation, recipient verification, chain/token verification, or acknowledgement of irreversibility before execution. In a wallet skill, this context makes the omission more dangerous because ambiguous prompts, address mistakes, or prompt-injection-induced tool use could directly cause permanent financial loss.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding: This wrapper will invoke arbitrary wallet tools, including transfers, swaps, withdrawals, and payment creation, immediately after parsing CLI input, with no local confirmation, allowlist by risk level, or human-verification step. In a skill context that manages crypto assets and paid API access, this makes accidental or prompt-induced irreversible transactions materially more dangerous.

VirusTotal

66/66 vendors flagged this skill as clean.