jovay-dapp

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Jovay blockchain dApp-building skill whose wallet, package installation, testnet deployment, and local server actions fit its stated purpose.

Install this only if you want an agent to scaffold and run a Jovay blockchain development project. Use a separate testnet wallet, review generated contracts and package scripts before running them, confirm the network before any transaction, and avoid exposing mainnet private keys unless you deliberately choose to use them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill instructs the agent to perform impactful actions such as wallet initialization, requesting testnet funds, deploying contracts, installing dependencies, and starting local servers without an explicit safety gate or user-consent checkpoint before each side effect. In an agentic environment, this can lead to unintended system changes, network calls, wallet operations, or blockchain transactions based on an ambiguous or incomplete user request.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal