Portal Wallet

Security checks across malware telemetry and agentic risk

Overview

This is a clearly disclosed Portal crypto-wallet skill with real fund-transfer and signing power, but the high-risk behavior matches its stated purpose and includes meaningful safety guidance.

Install only if you intend to let an agent operate a Portal crypto wallet. Use test funds first, configure the signature-approval webhook and spending limits before holding meaningful balances, keep the Portal API key and MPC shares out of source control, and manually review every transaction or signature request before approval.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (12)

Intent-Code Divergence

High

Confidence: 96% confidence
Finding: The skill explicitly warns not to sign user- or externally-supplied hashes, yet later documents a raw signing endpoint that accepts an arbitrary digest. In a wallet skill, exposing raw signing materially increases the risk that an agent could authorize opaque payloads, off-protocol approvals, or signatures that users cannot meaningfully review.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The README advertises high-risk wallet capabilities such as sending tokens, signing transactions, and swapping assets without clearly warning that these actions can irreversibly move funds or approve malicious transactions. In an agent-integrated crypto wallet skill, this omission increases the chance that operators deploy or use the skill without appropriate human approval expectations and transaction-risk awareness.

External Transmission

Medium

Category: Data Exfiltration
Content: --arg to "<recipient-address>" \ --arg amount "<amount>" \ '{share: $share, chain: "monad", to: $to, token: "NATIVE", amount: $amount, rpcUrl: "https://api.portalhq.io/rpc/v1/eip155/143"}' \ | curl -s -X POST 'https://mpc-client.portalhq.io/v1/assets/send' \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $PORTAL_CLIENT_API_KEY" \ --data @- | jq .
Confidence: 90% confidence
Finding: curl -s -X POST 'https://mpc-client.portalhq.io/v1/assets/send' \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $PORTAL_CLIENT_API_KEY" \ --data

External Transmission

Medium

Category: Data Exfiltration
Content: --arg to "<recipient-address>" \ --arg amount "<amount>" \ '{share: $share, chain: "solana-devnet", to: $to, token: "NATIVE", amount: $amount, rpcUrl: "https://api.portalhq.io/rpc/v1/solana/EtWTRABZaYq6iMfeYKouRu166VU2xqa1"}' \ | curl -s -X POST 'https://mpc-client.portalhq.io/v1/assets/send' \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $PORTAL_CLIENT_API_KEY" \ --data @- | jq .
Confidence: 89% confidence
Finding: curl -s -X POST 'https://mpc-client.portalhq.io/v1/assets/send' \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $PORTAL_CLIENT_API_KEY" \ --data

External Transmission

Medium

Category: Data Exfiltration
Content: --arg to "<recipient-address>" \ --arg amount "<amount>" \ '{share: $share, chain: "bitcoin-segwit-testnet", to: $to, token: "NATIVE", amount: $amount}' \ | curl -s -X POST 'https://mpc-client.portalhq.io/v1/assets/send' \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $PORTAL_CLIENT_API_KEY" \ --data @- | jq .
Confidence: 89% confidence
Finding: curl -s -X POST 'https://mpc-client.portalhq.io/v1/assets/send' \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $PORTAL_CLIENT_API_KEY" \ --data

External Transmission

Medium

Category: Data Exfiltration
Content: --arg token "USDC" \ --arg amount "10" \ '{share: $share, chain: "monad", to: $to, token: $token, amount: $amount, rpcUrl: "https://api.portalhq.io/rpc/v1/eip155/143"}' \ | curl -s -X POST 'https://mpc-client.portalhq.io/v1/assets/send' \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $PORTAL_CLIENT_API_KEY" \ --data @- | jq .
Confidence: 90% confidence
Finding: curl -s -X POST 'https://mpc-client.portalhq.io/v1/assets/send' \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $PORTAL_CLIENT_API_KEY" \ --data

External Transmission

Medium

Category: Data Exfiltration
Content: --arg share "$PORTAL_SECP256K1_SHARE" \ --arg params "$TX_PARAMS" \ '{share: $share, method: "eth_sendTransaction", params: $params, rpcUrl: "https://api.portalhq.io/rpc/v1/eip155/143", chainId: "eip155:143"}' \ | curl -s -X POST 'https://mpc-client.portalhq.io/v1/sign' \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $PORTAL_CLIENT_API_KEY" \ --data @- | jq .
Confidence: 92% confidence
Finding: curl -s -X POST 'https://mpc-client.portalhq.io/v1/sign' \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $PORTAL_CLIENT_API_KEY" \ --data

External Transmission

Medium

Category: Data Exfiltration
Content: --arg share "$PORTAL_SECP256K1_SHARE" \ --arg params "<hex-encoded-message>" \ '{share: $share, method: "personal_sign", params: $params, chainId: "eip155:143"}' \ | curl -s -X POST 'https://mpc-client.portalhq.io/v1/sign' \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $PORTAL_CLIENT_API_KEY" \ --data @- | jq .
Confidence: 94% confidence
Finding: curl -s -X POST 'https://mpc-client.portalhq.io/v1/sign' \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $PORTAL_CLIENT_API_KEY" \ --data

External Transmission

Medium

Category: Data Exfiltration
Content: --arg share "$PORTAL_SECP256K1_SHARE" \ --arg params "<stringified-typed-data-json>" \ '{share: $share, method: "eth_signTypedData_v4", params: $params, chainId: "eip155:143"}' \ | curl -s -X POST 'https://mpc-client.portalhq.io/v1/sign' \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $PORTAL_CLIENT_API_KEY" \ --data @- | jq .
Confidence: 95% confidence
Finding: curl -s -X POST 'https://mpc-client.portalhq.io/v1/sign' \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $PORTAL_CLIENT_API_KEY" \ --data

External Transmission

Medium

Category: Data Exfiltration
Content: --arg share "$PORTAL_ED25519_SHARE" \ --arg params "<base64-serialized-transaction>" \ '{share: $share, method: "sol_signAndConfirmTransaction", params: $params, chainId: "solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp"}' \ | curl -s -X POST 'https://mpc-client.portalhq.io/v1/sign' \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $PORTAL_CLIENT_API_KEY" \ --data @- | jq .
Confidence: 88% confidence
Finding: curl -s -X POST 'https://mpc-client.portalhq.io/v1/sign' \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $PORTAL_CLIENT_API_KEY" \ --data

External Transmission

Medium

Category: Data Exfiltration
Content: --arg share "$PORTAL_SECP256K1_SHARE" \ --arg params "<hex-digest-without-0x>" \ '{share: $share, params: $params}' \ | curl -s -X POST 'https://mpc-client.portalhq.io/v1/raw/sign/SECP256K1' \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $PORTAL_CLIENT_API_KEY" \ --data @- | jq .
Confidence: 98% confidence
Finding: curl -s -X POST 'https://mpc-client.portalhq.io/v1/raw/sign/SECP256K1' \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $PORTAL_CLIENT_API_KEY" \ --data

External Transmission

Medium

Category: Data Exfiltration
Content: --arg share "$PORTAL_SECP256K1_SHARE" \ --arg to "<recipient>" \ '{share: $share, chain: "monad", to: $to, token: "USDC", amount: "10", rpcUrl: "https://api.portalhq.io/rpc/v1/eip155/143", sponsorGas: false}' \ | curl -s -X POST 'https://mpc-client.portalhq.io/v1/assets/send' \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $PORTAL_CLIENT_API_KEY" \ --data @- | jq .
Confidence: 87% confidence
Finding: curl -s -X POST 'https://mpc-client.portalhq.io/v1/assets/send' \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $PORTAL_CLIENT_API_KEY" \ --data

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal