EM-A2A

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real blockchain payment skill, but it needs Review because it can move funds using a private key without enough safety guidance.

Install only with a dedicated low-balance wallet, prefer testnet first, never commit or share A2A_PRIVATE_KEY, and require explicit human confirmation before any payment, escrow release, or refund. Verify network, recipient, token, amount, and transaction details before signing.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill documents payment, escrow, release, and refund actions that can trigger real blockchain fund movements, but it does not prominently warn that mainnet transactions may be irreversible and financially consequential. In an agentic setting, this increases the risk of accidental transfers, unsafe approvals, or mistaken escrow actions being executed without informed user confirmation.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The setup instructions require an A2A_PRIVATE_KEY and even show it placed directly in configuration, but they do not clearly warn that this credential grants spending authority and must be handled as highly sensitive secret material. This omission can lead users to expose the private key in plaintext config files, logs, screenshots, shared repositories, or insecure environments, enabling theft of funds.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal