veilpay

This module is primarily a payment-gated premium data fetcher. No explicit malware behavior (e.g., reverse shell, credential harvesting, or suspicious third-party exfiltration) is evident from the provided snippet. The dominant security concern is that it uses execSync with a shell command string that interpolates JSON-derived invoice content into the command line without safe escaping, creating a plausible command-injection pathway if the remote API (or invoice content) is attacker-controlled or unexpectedly shaped. Additionally, the table path segment is used without validation/encoding. The local payment helper (pay-invoice.cjs) is not shown and could contain additional risk, so review is recommended before using this package in high-trust environments.

The skill is purpose-aligned for private Solana payments, but it grants an AI agent direct financial capabilities with real-world consequences, including sending, claiming, and withdrawing funds on mainnet. Install trust appears ordinary npm-based rather than overtly malicious, but the combination of raw wallet storage and autonomous payment flows makes this a high-risk skill despite limited evidence of credential theft or deception.

No clear indicators of covert malware (e.g., exfiltration to suspicious domains, command execution, dynamic code execution, or backdoor installation) are present in this fragment. However, the module performs extremely sensitive secret handling: it persists an ephemeral private key to disk (~/.veilpay/stranded.json) and embeds/prints a private claim key in a URL fragment. This creates a substantial security risk if logs are captured, if the filesystem is compromised, or if the link/terminal output is mishandled. The primary risk is operational secret leakage rather than evidenced malicious behavior.

This module is not obfuscated and shows no overt stealth/evasion logic, but it is inherently high-risk because it automates spending: it reconstructs Solana private keys from a local stranded.json file, signs transactions, and broadcasts transfers to a recipient public key loaded from wallet.json. If the local JSON inputs or destination wallet are not fully trusted and protected, this behavior can directly enable unauthorized fund drainage. Operationally, skipPreflight:true further increases the chance of sending unintended transactions, and environment-controlled RPC configuration can affect which provider the script communicates with.