Use this skill when the user wants to purchase a virtual debit card using crypto, create a prepaid card via x402 protocol, check virtual card status, or set up an EVM wallet for card payments. Trigger on: "buy a card", "get a virtual card", "create card", "card status", "setup wallet for card", or any intent involving purchasing virtual Visa/Mastercard with cryptocurrency.

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims, but it asks for and persists a full crypto wallet private key while relying on an unpinned external CLI that can auto-upgrade.

Install only after reviewing the external npm package and disabling or avoiding auto-upgrades. Use a new low-balance wallet, never a main wallet, avoid pasting private keys into command-line arguments, and require explicit approval before any upgrade or card-purchase command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Vague Triggers

Medium
Confidence: 95%
Finding:
The trigger text includes a broad catch-all phrase ('any intent involving purchasing virtual Visa/Mastercard with cryptocurrency'), which can cause the skill to activate in situations beyond a narrowly scoped card-purchase workflow. In a skill that handles payments and requests wallet private keys, overbroad activation increases the chance of unintended invocation, credential prompting, or steering users into sensitive financial actions without sufficient context.

Missing User Warnings

Medium
Confidence: 97%
Finding:
The skill instructs the user to provide an EVM private key and says it will be stored locally, but it does not present a strong, upfront warning that a private key is a highly sensitive secret that grants full control of funds. In practice, prompting for raw private keys in conversational workflows is dangerous because users may paste irreversible credentials into environments they do not fully trust, leading to wallet compromise if logs, shells, or downstream tooling are exposed.

Missing User Warnings

Medium
Confidence: 90%
Finding:
The sample status response includes payment and card-related data such as full BIN, last four digits, transaction hash, and card status without any guidance on redaction, least-privilege display, or safe logging. In an agent skill context, examples often get copied directly into implementations and UI behavior, increasing the risk that real card metadata is exposed to users, logs, chat transcripts, or downstream tools.

Missing User Warnings

Medium
Confidence: 97%
Finding:
The documentation tells users to supply an EVM private key directly as a CLI argument, which commonly exposes the secret in shell history, terminal scrollback, process listings, audit logs, and CI/job telemetry. In the context of a crypto payment/card skill, disclosure of this key can immediately lead to wallet takeover and theft of funds, making the guidance more dangerous than in ordinary applications.

Session Persistence

Medium
Category: Rogue Agent
Content:
name: x402-card
description: >
  Use this skill when the user wants to purchase a virtual debit card using crypto,
  create a prepaid card via x402 protocol, check virtual card status, or set up an
  EVM wallet for card payments. Trigger on: "buy a card", "get a virtual card",
  "create card", "card status", "setup wallet for card", or any intent involving
  purchasing virtual Visa/Mastercard with cryptocurrency.
Confidence: 88%
Finding:
create a prepaid card via x402 protocol, check virtual card status, or set up an EVM wallet for card payments. Trigger on: "buy a card", "get a virtual card", "create card", "card status", "setup

VirusTotal

64/64 vendors flagged this skill as clean.
