Back to skill

Security audit

Heurist Mesh Crypto Analysis Skill

Security checks across malware telemetry and agentic risk

Overview

This is a coherent crypto analytics skill, but it gives the agent under-scoped access to raw payment credentials and crypto signing flows.

Install only if you are comfortable letting an agent access paid Heurist services. Prefer the API-key credits path over raw wallet private keys; if using x402, use a dedicated low-balance wallet, verify recipient/network/amount before every signature, keep `.env` out of source control, and require explicit user approval before any paid request or signing action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill explicitly instructs reading local `.env` contents and validating payment credentials, including API keys and private keys, before using the service. Even if this is meant for legitimate setup, it expands the skill from crypto data retrieval into accessing local secret material, which creates unnecessary exposure of sensitive credentials and could lead an agent to retrieve or mishandle secrets far beyond the user’s immediate request.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The document instructs users to place a private key in a local .env file with no warning about secret handling, storage risks, least-privilege practices, or exclusion from version control. This increases the chance of accidental exposure through source control, logs, screenshots, backups, or insecure workstation access, which could allow unauthorized use of the payment identity.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation instructs users to sign an on-chain USDC authorization with a raw private key and transmit the resulting payment authorization, but it provides no security warning about handling private keys, verifying recipient and amount, or the fact that this can move funds. In a crypto-payment context, omission of these warnings materially increases the chance of accidental fund loss, unsafe key exposure, or users signing payments they do not fully understand.

External Transmission

Medium
Category
Data Exfiltration
Content
X_PAYMENT=$(printf '{"x402Version":1,"scheme":"exact","network":"base","payload":{"signature":"%s","authorization":{"from":"%s","to":"%s","value":"%s","validAfter":"0","validBefore":"%s","nonce":"%s"}}}' \
  "$SIG" "$WALLET" "$PAY_TO" "$AMOUNT" "$VALID_BEFORE" "$NONCE" | base64 -w 0)

curl -s -X POST "$URL" \
  -H "Content-Type: application/json" \
  -H "X-Payment: $X_PAYMENT" \
  -d "$BODY"
Confidence
82% confidence
Finding
curl -s -X POST "$URL" \ -H "Content-Type: application/json" \ -H "X-Payment: $X_PAYMENT" \ -d

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.