OpenDEX Solana Token API

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only skill for using the OpenDex Solana token API, with expected wallet/API-key privacy considerations but no hidden code or execution behavior.

Install only if you trust the OpenDex service. Do not expose API keys in shared chats or logs, use explicit confirmation before POST or DELETE requests, and avoid sending wallet addresses or signatures unless the requested action requires them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 87% confidence
Finding: The skill instructs users to register and use an API key tied to a Solana wallet address, but it does not explicitly warn that both the wallet identifier and the issued API credential are being shared with a third-party service. In an agent context, this can lead users to disclose persistent identifiers and secrets without understanding privacy and account-abuse risks, especially since the key is only shown once and can authorize authenticated community-content operations.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal