ConsortiumAI Create Account

Security checks across malware telemetry and agentic risk

Overview

This skill does the advertised Consortium AI custodial wallet account creation, with sensitive API-key use and wallet-address sharing that are disclosed and aligned with that purpose.

Install and run this only if you trust Consortium AI, intend to create a custodial wallet account for the supplied wallet address, and are comfortable sending that wallet address and API key to Consortium AI's API. Use a restricted or revocable API key if available and verify the wallet address before running the command.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill describes creating custodial wallet accounts through an external API using an API key, but it does not warn users that invoking it will transmit wallet-address data to a third party and may create or modify an external financial account. That lack of notice undermines informed consent and increases the chance of unintended account creation or privacy-impacting data disclosure. Because the skill operates in a crypto/custodial-wallet context, the missing warning is more dangerous than in a low-risk informational skill.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal