BAP-578 BAP-tism

Security checks across malware telemetry and agentic risk

Overview

This skill openly lets an agent control crypto wallets, launch or trade tokens, and post publicly, but it lacks adequate approval and key-storage safeguards.

Review this carefully before installing. Only use it with throwaway or tightly limited wallets, verify all contract addresses and API endpoints independently, avoid storing seed phrases or treasury keys in plaintext, and require explicit confirmation before funding wallets, signing transactions, launching tokens, trading, or posting publicly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence: 93%
Finding
The main workflow instructs the agent to generate, store, and use wallet private keys and seed phrases for autonomous on-chain actions without strong upfront safeguards, isolation guidance, or user-consent checkpoints. In an agent setting, this can lead to irreversible fund loss or secret compromise because the same skill also encourages signing transactions and controlling treasury-like assets.

Missing User Warnings

Medium
Confidence: 91%
Finding
The natural-language examples normalize commands that can move real funds or execute live trades without an adjacent warning that they trigger irreversible blockchain transactions. In an agent environment, terse examples like these increase the risk of accidental authorization and unintended asset movement.

VirusTotal

66/66 vendors flagged this skill as clean.
