Security audit
WatchOrFight - Predict
Security checks across malware telemetry and agentic risk
Overview
This skill is coherent for on-chain prediction-market trading, but it asks an external npm CLI to use a raw wallet private key for irreversible USDC transactions.
Install only if you are comfortable giving this npm CLI a wallet private key that can sign transactions. Use a fresh, dedicated wallet with only small amounts of ETH and USDC, prefer testnet first, verify the package and contract addresses independently, and protect or remove ~/.wof-predict/secrets.json when markets are no longer active.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
63/63 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.
