Solanaprox Ai

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed SolanaProx AI gateway that sends a wallet address to pay for AI requests from a pre-funded USDC balance, with no hidden code or malware signals found.

Install only if you are comfortable sending a Solana wallet address to solanaprox.com and paying from a pre-deposited USDC balance. Use a dedicated wallet or low-balance account, monitor spending, and avoid unattended orchestration unless you have explicit cost controls.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill instructs users to send their wallet address to a third-party API as an authentication and billing credential, but it does not present a clear, explicit warning about that disclosure at the point of use. Because wallet addresses are persistent identifiers tied to on-chain activity and payment history, this can expose user privacy and create tracking or profiling risk beyond ordinary request metadata.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The skill advertises pay-per-use AI access funded by pre-deposited USDC, but it does not clearly warn that every inference or orchestration call may automatically consume funds. In an agent setting, repeated or chained calls can trigger unexpected spending, especially where orchestration selects multiple tools or models without a hard user-visible cost checkpoint.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal