Back to skill

Security audit

Agent Identity Protocol

Security checks across malware telemetry and agentic risk

Overview

This skill matches its stated blockchain identity purpose, but it handles plaintext private keys and can submit USDC staking transactions with weak confirmation around the documented JSON flows.

Review before installing. Use a fresh low-value key, avoid importing a main wallet private key, verify the registry address and network before any transaction, and require explicit user approval before running register, link, or vouch commands, especially when using --json.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (7)

Missing User Warnings

Low
Confidence
88% confidence
Finding
The setup instructions tell users to create a signing key file under ~/.agent-identity/key.json, but the warning about private-key sensitivity appears later and not at the point of creation. That increases the chance a user generates or stores a long-lived secret without understanding backup, theft, multi-user host, or filesystem exposure risks.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The register command stakes USDC on-chain, which can move funds, lock assets for a cooldown period, and incur irreversible network transaction fees. Presenting the command without an explicit transactional warning may cause users or agents to execute it as if it were a harmless local setup action.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The vouch command stakes USDC for another agent, creating direct financial exposure and on-chain effects, but the documentation omits a clear warning at the command site. Users may not realize they are risking funds on behalf of a third party or that recovery may be delayed or conditional.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
This code persists raw private key material to a predictable file under the user's home directory and later reloads it directly for transaction signing. Even with restrictive file modes, plaintext key storage materially increases the risk of key theft through local compromise, backups, malware, accidental disclosure, or multi-process access, and in this skill context the key can control on-chain identity and potentially staked USDC.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
This setup script accepts a private key via a command-line argument and persists the resulting secret key material to disk without any prominent warning, confirmation, or safer handling path. Passing secrets on the CLI can expose them via shell history, process listings, logs, or automation tooling, and the skill context is especially sensitive because it manages blockchain identity and funds-bearing keys.

Unpinned Dependencies

Low
Category
Supply Chain
Content
"vouch": "node scripts/vouch.js"
  },
  "dependencies": {
    "viem": "^2.0.0",
    "commander": "^11.0.0"
  },
  "author": "g1itchbot",
Confidence
90% confidence
Finding
"viem": "^2.0.0"

Unpinned Dependencies

Low
Category
Supply Chain
Content
},
  "dependencies": {
    "viem": "^2.0.0",
    "commander": "^11.0.0"
  },
  "author": "g1itchbot",
  "license": "MIT"
Confidence
90% confidence
Finding
"commander": "^11.0.0"

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.