Back to skill

Security audit

Ai Intelligent Blockchain Platform

Security checks across malware telemetry and agentic risk

Overview

This skill is a small blockchain-platform description with no bundled executable code, but users should review the external app before using wallet features.

Before installing, verify the publisher and external GitHub repository, especially because SKILL.md claims OpenClaw Skills Team while skill.json lists a different author. Use a virtual environment and testnets/test wallets first, and do not provide seed phrases, private keys, or real wallet permissions unless you have independently reviewed the code and each transaction.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill advertises wallet management, multi-chain support, and real-time transaction monitoring, all of which imply handling highly sensitive financial and behavioral data. In a blockchain context, omitting warnings about private key handling, transaction privacy, consent, logging, and security boundaries can lead users to deploy or use the skill unsafely, increasing the risk of fund loss, data exposure, or privacy violations.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.