Scout Commerce

Security checks across malware telemetry and agentic risk

Overview

Scout Commerce matches its shopping-and-crypto purpose, but it can spend wallet funds and store a transaction-authorizing API key without clear confirmation, scoping, or retention safeguards.

Install only if you trust Scout/Trustra and Crossmint with shopping, shipping, and wallet operations. Use a dedicated low-balance wallet, confirm every purchase or swap manually, protect or delete credentials.json when not needed, and verify how to revoke the API key before funding the wallet.

VirusTotal

66/66 vendors flagged this skill as clean.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
High
What this means

An agent or user who runs the buy command can place a real order and spend USDC from the wallet, potentially without a final review step.

Why it was flagged

The purchase script sends an order directly with the saved API key. The visible workflow does not require an interactive confirmation of final price, quantity, merchant, or shipping destination before spending wallet funds.

Skill content
headers["x-api-key"] = api_key
response = requests.post(
    f"{BASE_URL}/order",
    headers=headers,
    json=payload,
    timeout=60,
)
Recommendation

Require explicit user confirmation immediately before every purchase, showing item, price, taxes/fees, quantity, shipping address, and total cost; use a low-balance wallet and set provider-side spending limits if available.

ASI02: Tool Misuse and Exploitation
High
What this means

Wallet tokens could be converted unexpectedly or at an unfavorable rate if a swap command is run with the wrong token, amount, or market conditions.

Why it was flagged

The swap function can execute a token swap through the Scout API using the saved key. The artifacts show quote mode as optional and do not show a required confirmation, minimum-output, or slippage guard in the client payload.

Skill content
def execute_swap(api_key: str, input_mint: str, output_mint: str, amount: int) -> dict:
    ...
    response = requests.post(
        f"{BASE_URL}/swap",
        headers=headers,
        json=payload,
        timeout=120,
    )
Recommendation

Use quote-only first, require explicit user approval of input token, output token, amount, expected output, fees, and slippage, and prefer provider-side transaction limits.

ASI03: Identity and Privilege Abuse
High
What this means

If the key is misused or exposed, someone may be able to spend or swap funds from the associated Scout/Crossmint wallet.

Why it was flagged

The API key is not merely an account identifier; it authorizes wallet transactions. The artifacts do not show narrow scopes, spend limits, revocation handling, or metadata declaration of this primary credential.

Skill content
Creates a **Crossmint wallet** + **API key** and stores them in `credentials.json`... **Keep API key secure** - it authorizes transactions from your wallet.
Recommendation

Treat the API key like a payment credential, keep only small balances in the wallet, verify how to revoke or rotate the key, and avoid granting broad autonomous purchase/swap permission.

ASI06: Memory and Context Poisoning
Medium
What this means

The local credentials file can expose personal shipping information and payment authority if the machine, workspace, backups, or other tools can read it.

Why it was flagged

The setup script persists a transaction-authorizing API key plus email, address, optional phone, and wallet address for reuse. This is disclosed, but it is sensitive persistent state with no shown expiry or file permission hardening.

Skill content
creds = {
    "api_key": result["apiKey"],
    "wallet_address": result["walletAddress"],
    "shipping_profile": {
        "email": args.email,
        "address": args.address,
        **({"phone": args.phone} if args.phone else {}),
    },
}

save_credentials(creds)
Recommendation

Store the credentials file securely, restrict file permissions, remove it when no longer needed, and do not allow unrelated tools or agents to read the skill directory.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Installing later dependency versions could introduce behavior that was not reviewed with this artifact set.

Why it was flagged

The dependency file uses lower-bound version ranges rather than pinned versions. This is common, but in a wallet/payment skill dependency changes can affect security-sensitive behavior.

Skill content
x402[httpx,svm]>=2.0.0
solana>=0.34.0
solders>=0.21.0
base58>=2.1.0
Recommendation

Install in a virtual environment, pin and review dependency versions, and avoid running the skill in an environment that holds unrelated secrets.