open-stellar-wallet

Security checks across malware telemetry and agentic risk

Overview

This Stellar skill appears purpose-built for Stellar CLI use, but it gives the agent wallet setup and key-removal authority with too little user confirmation.

Review this skill before installing. Use it only for testnet unless you intentionally configure otherwise, inspect the Stellar CLI install script/source, and require explicit confirmation before wallet creation, funding, network changes, or any key removal command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill explicitly instructs the agent to perform first-run setup automatically and to create and fund a default wallet without user confirmation. Even on testnet, this causes side effects on the user's system and blockchain state, normalizes autonomous financial/account actions, and may create confusion or unsafe carryover if users later switch contexts or networks.

Missing User Warnings

Medium
Confidence: 84%
Finding
The documentation includes wallet removal as a routine command without warning that deleting a local identity may be irreversible if the secret key is not backed up. This creates a realistic risk of accidental key loss, loss of account access, or destructive actions being taken by an agent without adequately signaling consequences.

VirusTotal

65/65 vendors flagged this skill as clean.
