Crypto Address Sentinel

Security checks across malware telemetry and agentic risk

Overview

This instruction-only crypto wallet monitoring skill is coherent and disclosed, with privacy considerations around watched addresses and optional webhook alerts.

Safe to install as a monitoring instruction skill. Treat wallet addresses and alert contents as sensitive, use only trusted webhook URLs, and do not provide private keys, seed phrases, or signing permissions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The invocation phrase "addresses" is overly generic and can easily appear in normal conversation about crypto wallets, contact info, or general discussion. In an agent environment, this increases the chance of accidental skill activation and unintended access to monitoring actions or address-related data, especially because the skill is explicitly designed to inspect watched wallet addresses.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal