Tokenized agents pump.fun

Security checks across malware telemetry and agentic risk

Overview

This is a coherent payment-integration guide that can help build Solana wallet payment flows, with normal financial-transaction risks that users must review before signing.

Before installing, verify the npm package names and versions, choose an RPC provider you trust, treat autoConnect as optional, and make sure wallet prompts show the intended amount, currency, network, and payment context before approving. Never provide private keys or seed phrases.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 89%
Finding
The example enables `autoConnect` for browser wallets without any warning or discussion of the UX and security implications of automatic wallet reconnection. In a payment-focused Solana integration, this can cause users to reconnect to wallets unexpectedly, increasing the chance they approve transactions in the wrong context or expose wallet presence to pages before making an explicit choice.

VirusTotal

66/66 vendors flagged this skill as clean.
