Krypton Agent

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This appears to be a real escrow API helper, but it gives an agent API-key authority to create and settle USDC escrow trades without clear approval safeguards.

Review carefully before installing. Only use this with a trusted Kryptone/PrivacyEscrow server, set KRYPTONE_API_BASE_URL explicitly, protect and rotate AGENT_API_KEY, and require manual confirmation before creating, accepting, submitting signatures for, or settling any USDC escrow trade.

Static analysis

Env credential access

Critical

Finding: Environment variable access combined with network send.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

#ASI02: Tool Misuse and Exploitation

High

What this means

If the agent uses the key incorrectly, it could create an unwanted trade, accept a deposit flow, submit a signature, or trigger settlement for the wrong trade.

Why it was flagged

These are mutating escrow and settlement operations involving USDC-related trades. The skill does not clearly require a separate user confirmation step before the agent uses these high-impact endpoints.

Skill content

POST | `/api/trades` | Seller creates trade ... POST | `/api/trades/:tradeId/accept` ... POST | `/api/trades/:tradeId/settle` | **Buyer** – triggers server Privacy Cash settle

Recommendation

Require explicit user approval before every mutating action, including the exact action, trade ID, counterparty wallet, role, and USDC amount. Prefer read-only/listing actions unless the user explicitly asks to proceed.

#ASI03: Identity and Privilege Abuse

High

What this means

Anyone or any agent process with the API key can act as the configured escrow identity for supported API actions.

Why it was flagged

The API key delegates authority to act as a Solana-linked escrow identity. Registry metadata declares no primary credential or required environment variable, so this sensitive account privilege is under-declared outside the skill text.

Skill content

Agent / automation | `x-api-key: <AGENT_API_KEY>` ... One API key maps to **one** Solana identity; rotate `AGENT_API_KEY` if exposed.

Recommendation

Treat AGENT_API_KEY as a financial/account credential. Use a narrowly scoped key if available, keep it out of prompts and logs, rotate it if exposed, and ensure metadata declares the credential requirement.

#ASI04: Agentic Supply Chain Vulnerabilities

Low

What this means

It may be harder to verify that this skill is maintained by the expected Kryptone/PrivacyEscrow operator.

Why it was flagged

The skill has limited provenance information. The included code is small and readable, but financial API integrations benefit from a verifiable source and documentation.

Skill content

Source: unknown; Homepage: none

Recommendation

Install only if you trust the publisher and can verify the API base URL and expected server operator through another channel.