Back to skill

Security audit

Near Batch Sender

Security checks across malware telemetry and agentic risk

Overview

This skill is understandable in purpose, but it can move NEAR assets in bulk and its command execution/input safeguards are too weak for that level of authority.

Review before installing. Only run it with JSON files you created and verified, use testnet or very small transfers first, and avoid relying on it for valuable assets until it replaces shell-string exec with argument-based process execution, validates NEAR account/contract/token/amount fields, and adds an explicit preview and confirmation step.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The script uses child_process.exec to build shell commands from untrusted values taken from CLI arguments and JSON fields such as senderAccount, recipient.account, transfer.contract, transfer.receiver, and transfer.token_id. Because exec invokes a shell, crafted input can break out of the intended NEAR command and execute arbitrary OS commands on the host running the skill.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README documents batch token and NFT transfer workflows but does not warn that these actions move assets irreversibly or emphasize validating recipient accounts, token IDs, and contract addresses before execution. In a batch-transfer context, a single malformed or maliciously altered input file can cause multiple unintended asset transfers at once, increasing the likelihood and scale of user loss.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill advertises batch sending of NEAR, NFT transfers, and claims without any explicit warning that these actions move assets and may be irreversible once signed and submitted. In an agent setting, omission of high-friction safety language increases the chance of accidental mass transfers or mistaken execution from malformed input files, especially because batch operations amplify user error.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
Batch token transfers are executed immediately in a loop with no dry-run, no per-operation confirmation, and no final irreversible-action warning. In a wallet/asset-transfer context, this increases the chance of accidental or maliciously induced mass transfers if the input file is wrong or tampered with.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
Batch NFT transfers are also executed immediately without any confirmation or explicit warning, despite being irreversible asset movements. In this skill's context, that is particularly risky because a malformed or hostile transfer list can rapidly move unique assets to attacker-controlled accounts.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.