Hackathon

Security checks across malware telemetry and agentic risk

Overview

This is a coherent testnet blockchain security API skill, with the main caution that transaction simulation sends wallet and transaction details to an external service.

Use a dedicated low-value testnet wallet, expect API requests to cost testnet USDC, and only submit wallet addresses or transaction payloads you are comfortable sharing with Aegis402. For production or sensitive trading strategies, review the provider's privacy, logging, and retention practices before use.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The simulate-tx examples instruct users to send detailed transaction data, including wallet address, target contract, value, and calldata, to a remote third-party API without a clear privacy or data-handling warning. Even if intended for security analysis, this disclosure can expose sensitive behavioral and financial information and may leak planned transactions before execution.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal