exploring-solana-with-solscan

Security checks across malware telemetry and agentic risk

Overview

This appears to be a purpose-aligned Solscan Pro blockchain lookup skill, with a privacy caveat because queried addresses and transaction details go to a third-party API.

Install this only if you are comfortable sharing the wallet addresses, transaction signatures, token/NFT identifiers, and investigation patterns you query with Solscan Pro. Use a dedicated API key if required and avoid submitting sensitive investigative linkages unless that disclosure is acceptable.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The skill is designed to send wallet addresses, transaction signatures, account metadata queries, and related blockchain investigation inputs to an external third-party API, but it provides no user-facing warning about that data transfer. Even if the queried data is public on-chain, the user's investigative interest, linked addresses, and usage patterns may be sensitive and can be logged by the provider.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal