solana-stream-light

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-focused Solana streaming skill with disclosed, purpose-aligned Rust examples and no hidden execution or credential handling.

Reasonable to install as a documentation skill. Before using the examples, keep Helius or RPC provider keys in environment variables or a secrets manager, review and pin Rust dependencies, verify the GitHub source, and limit any subagent or MCP file search to the intended project directory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Low
Confidence: 80%
Finding
This markdown file includes code examples that access the `HELIUS_API_KEY` environment variable via `std::env::var(...)`. Under the missing-user-warnings rule for markdown files, credential access should be disclosed when the skill behavior could affect privacy or sensitive data handling, but the surrounding text does not warn readers that the example depends on reading a sensitive credential from their environment.

VirusTotal

66/66 vendors flagged this skill as clean.
