x402geo

Security checks across malware telemetry and agentic risk

Overview

This skill appears to support silent wallet payments, a high-impact financial behavior, without sufficiently clear user confirmation or warning.

Review this carefully before installing. Only use it with a wallet that has strict spending limits or no real funds, and do not enable silent or automatic payment unless you understand exactly when charges can occur and can require explicit confirmation for each transaction.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Missing User Warnings

Medium
Confidence: 94%
Finding
This markdown file states that the skill supports 'silent payment via an agentic wallet' and repeats that it may 'pay silently if an agentic wallet is available,' but it does not include a clear warning about automatic financial charges or the need for explicit user awareness before payment occurs. Because markdown files should disclose behaviors affecting user data, privacy, or system integrity, the omission of a prominent warning about autonomous payment is a safety concern.

VirusTotal

64/64 vendors flagged this skill as clean.
