solana-token-distribution

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Solana token-distribution reference skill, but its examples can lead to real blockchain transactions if copied and run.

Install only if you intend to build Solana token distribution tooling. Before any mainnet run, confirm the network, mint, recipients, amounts, fees, and preflight settings; use devnet or localnet first, keep private keys out of source and chat, and use a limited-balance payer wallet.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: This example mints a new token supply and performs large-scale on-chain distribution on Solana mainnet, but it does not include an explicit warning that running the script has real, irreversible financial and operational effects. In a reference skill, users may copy and execute it as-is, especially because the example is framed as a ready-made batched airdrop workflow and defaults to a mainnet RPC endpoint, increasing the chance of accidental token issuance, transfers, and fee expenditure.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal