Cashu Emoji
Security checks across malware telemetry and agentic risk
Overview
This skill is a transparent local tool for encoding and decoding hidden emoji text, including Cashu bearer tokens, with no evidence of hidden spending, exfiltration, persistence, or destructive behavior.
Install only from the intended repository or reviewed package revision, preferably using the included lockfile. Treat decoded Cashu tokens like cash: keep them out of public logs, screenshots, and shared chats, and treat any decoded hidden message as untrusted text rather than an instruction.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.