Rustok Wallet

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local Ethereum wallet skill, but it gives an agent real fund-moving authority with permissive defaults that users should review carefully.

Install only if you intentionally want an agent-connected self-custody Ethereum wallet. Before funding it, restrict allowed_chain_ids, set explicit per-transaction and daily limits, avoid unlimited stdio defaults unless deliberate, enable any available authentication, and require manual confirmation of destination, amount, chain, and gas before every execute call.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (7)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 90% confidence
Finding: The skill exposes shell-capable installation and usage flows (`curl`, `docker`, `cargo`) but does not declare corresponding permissions. This can mislead hosts and users about the skill's operational power, especially because the skill also interfaces with a wallet capable of moving funds.

External Transmission

Medium

Category: Data Exfiltration
Content: ### 2. Preview a transaction (always preview before execute) ```bash curl -fsS -X POST http://127.0.0.1:3000/preview \ -H "Content-Type: application/json" \ -d '{"to":"0x0000000000000000000000000000000000000001","amount_wei":"100000000000000000","chain_id":421614}' | jq ```
Confidence: 82% confidence
Finding: curl -fsS -X POST http://127.0.0.1:3000/preview \ -H "Content-Type: application/json" \ -d

External Transmission

Medium

Category: Data Exfiltration
Content: ### 3. Execute a transaction (requires preview_id from step 2) ```bash curl -fsS -X POST http://127.0.0.1:3000/execute \ -H "Content-Type: application/json" \ -d '{"to":"0x0000000000000000000000000000000000000001","amount_wei":"100000000000000000","chain_id":421614,"preview_id":"PASTE_PREVIEW_ID_HERE"}' | jq ```
Confidence: 96% confidence
Finding: curl -fsS -X POST http://127.0.0.1:3000/execute \ -H "Content-Type: application/json" \ -d

External Transmission

Medium

Category: Data Exfiltration
Content: Get Aave v3 + ERC-4626 positions for an address. Omit `address` to use the agent wallet's own address. ```bash curl -fsS -X POST http://127.0.0.1:3000/positions \ -H "Content-Type: application/json" \ -d '{"address":"0xAb5801a7D398351b8bE11C439e05C5B3259aeC9B"}' | jq ```
Confidence: 78% confidence
Finding: curl -fsS -X POST http://127.0.0.1:3000/positions \ -H "Content-Type: application/json" \ -d

External Transmission

Medium

Category: Data Exfiltration
Content: ``` ```bash curl -fsS -X POST http://127.0.0.1:3000/preview \ -H "Content-Type: application/json" \ -d '{"to":"0x0000000000000000000000000000000000000001","amount_wei":"100000000000000000","chain_id":421614}' | jq ```
Confidence: 82% confidence
Finding: curl -fsS -X POST http://127.0.0.1:3000/preview \ -H "Content-Type: application/json" \ -d

External Transmission

Medium

Category: Data Exfiltration
Content: ``` ```bash curl -fsS -X POST http://127.0.0.1:3000/execute \ -H "Content-Type: application/json" \ -d '{"to":"0x0000000000000000000000000000000000000001","amount_wei":"100000000000000000","chain_id":421614,"preview_id":"PASTE_PREVIEW_ID_HERE"}' | jq ```
Confidence: 96% confidence
Finding: curl -fsS -X POST http://127.0.0.1:3000/execute \ -H "Content-Type: application/json" \ -d

Chaining Abuse

High

Category: Tool Misuse
Content: One-line install (Linux, macOS, Windows with Git Bash): ```bash curl -fsSL https://raw.githubusercontent.com/rustok-org/mcp/main/scripts/install.sh | bash ``` Or download manually from [GitHub Releases](https://github.com/rustok-org/mcp/releases).
Confidence: 99% confidence
Finding: | bash

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal