
Security audit

Find Trusted On-Chain Agents

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed 8K4 Protocol API helper whose main risks come from intentional external lookups, live contact/dispatch, paid requests, and signed metadata updates.

Install only if you intend to use 8K4 Protocol. Keep the API key private, do not include secrets in search queries or task text, use dry-run before contact/dispatch when unsure, confirm any paid x402 request, and carefully review wallet signing prompts and metadata payloads before submission.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (19)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill invokes shell commands via curl but does not declare corresponding permissions, which weakens the platform's ability to gate or review outbound execution behavior. In this skill, shell access is used to contact an external API and could transmit user-supplied identifiers, tasks, wallet addresses, or metadata without an explicit capability declaration.

Tp4

High
Category
MCP Tool Poisoning
Confidence
74% confidence
Finding
The declared description does not fully bound the actual behaviors referenced in the skill, including additional protocol/API introspection and other endpoints beyond the user-facing summary. Description-behavior mismatch is dangerous because users and orchestrators may invoke the skill under an incomplete trust model, especially when the skill can perform live contact/dispatch and metadata write flows.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The invocation guidance is broad and open-ended, making it easy for an agent framework to select this skill in many loosely related situations. Because the skill includes external queries, live contact/dispatch, and metadata write instructions, ambiguous triggering increases the chance of unnecessary data disclosure or unintended state-changing actions.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The contact and dispatch endpoints can send tasks to external agents, but the documentation does not warn that these actions may transmit user data or initiate external interactions. In an agentic context, that omission increases the chance an integrator will invoke these endpoints without explicit user confirmation, causing unintended data disclosure or autonomous outbound actions.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The metadata upload and key-generation flows involve wallet identifiers, signed messages, nonces, and signatures, but the reference lacks safety guidance about protecting signing material and verifying exact message contents before signing. In a wallet/identity-focused skill, this is especially sensitive because integrators may normalize requesting signatures or logging signature-bearing payloads, enabling credential misuse, replay mistakes, or unauthorized account actions.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script advertises dry-run support but defaults contact and dispatch to live sends unless --dry-run is explicitly provided. In an agent skill context, that can cause unintended outbound actions, task dispatches, billing-triggering requests, or data disclosure to third-party agents/APIs when a user expected a read-only operation.

External Transmission

Medium
Category
Data Exfiltration
Content
Use `/score/explain` first for “can I trust this agent?” style questions.

```bash
curl -s -H "X-API-Key: $EIGHTK4_API_KEY" \
  "https://api.8k4protocol.com/agents/{agent_id}/score/explain?chain=eth"
```
Confidence
85% confidence
Finding
curl -s -H "X-API-Key: $EIGHTK4_API_KEY" \ "https://api.8k4protocol.com/agents/{agent_id}/score/explain?chain=eth" ``` Use `/score` for a compact read. ```bash curl -s -H "X-API-Key: $EIGHTK4_API_

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
curl -s -H "X-API-Key: $EIGHTK4_API_KEY" \
  "https://api.8k4protocol.com/agents/{agent_id}/score?chain=eth"
```

### 2) Find agents
Confidence
84% confidence
Finding
https://api.8k4protocol.com/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
curl -s -H "X-API-Key: $EIGHTK4_API_KEY" \
  "https://api.8k4protocol.com/agents/search?q=python+api+developer&chain=base&contactable=true&min_score=60&limit=10"
```

If empty, relax in this order:
Confidence
90% confidence
Finding
https://api.8k4protocol.com/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
curl -s -H "X-API-Key: $EIGHTK4_API_KEY" \
  "https://api.8k4protocol.com/agents/{agent_id}/card?chain=base&q=optional+task+context"
```

Useful follow-ups:
Confidence
88% confidence
Finding
https://api.8k4protocol.com/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
curl -s -H "X-API-Key: $EIGHTK4_API_KEY" \
  "https://api.8k4protocol.com/agents/{agent_id}/validations?chain=base&limit=10"

curl -s -H "X-API-Key: $EIGHTK4_API_KEY" \
  "https://api.8k4protocol.com/wallet/{wallet}/agents?chain=eth"
```
Confidence
90% confidence
Finding
https://api.8k4protocol.com/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
"https://api.8k4protocol.com/agents/{agent_id}/validations?chain=base&limit=10"

curl -s -H "X-API-Key: $EIGHTK4_API_KEY" \
  "https://api.8k4protocol.com/wallet/{wallet}/agents?chain=eth"

curl -s -H "X-API-Key: $EIGHTK4_API_KEY" \
  "https://api.8k4protocol.com/wallet/{wallet}/score?chain=eth"
```
Confidence
90% confidence
Finding
https://api.8k4protocol.com/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
"https://api.8k4protocol.com/wallet/{wallet}/agents?chain=eth"

curl -s -H "X-API-Key: $EIGHTK4_API_KEY" \
  "https://api.8k4protocol.com/wallet/{wallet}/score?chain=eth"

curl -s -H "X-API-Key: $EIGHTK4_API_KEY" \
  "https://api.8k4protocol.com/identity/{global_id}"
```
Confidence
89% confidence
Finding
https://api.8k4protocol.com/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
curl -s -X POST -H "X-API-Key: $EIGHTK4_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"task": "Review this smart contract", "chain": "base", "send": true}' \
  "https://api.8k4protocol.com/agents/{agent_id}/contact"

curl -s -X POST -H "X-API-Key: $EIGHTK4_API_KEY" \
  -H "Content-Type: application/json" \
```
Confidence
96% confidence
Finding
https://api.8k4protocol.com/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
curl -s -X POST -H "X-API-Key: $EIGHTK4_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"task": "Audit token contract 0xABC...", "max": 3, "chain": "base", "send": true}' \
  "https://api.8k4protocol.com/agents/dispatch"
```

### 5) Metadata
Confidence
97% confidence
Finding
https://api.8k4protocol.com/

External Transmission

Medium
Category
Data Exfiltration
Content
Reads are public:

```bash
curl -s "https://api.8k4protocol.com/agents/{agent_id}/metadata.json?chain=base"
curl -s "https://api.8k4protocol.com/metadata/{chain}/{agent_id}.json"
```
Confidence
72% confidence
Finding
https://api.8k4protocol.com/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
curl -s "https://api.8k4protocol.com/agents/{agent_id}/metadata.json?chain=base"
curl -s "https://api.8k4protocol.com/metadata/{chain}/{agent_id}.json"
```

Writes require explicit user approval:
Confidence
72% confidence
Finding
https://api.8k4protocol.com/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# 2) Request a nonce + message to sign
curl -s -X POST -H "X-API-Key: $EIGHTK4_API_KEY" \
  "https://api.8k4protocol.com/metadata/nonce?agent_id={agent_id}&chain=base&content_hash=0x..."

# 3) Sign the returned message, then upload the signed payload
curl -s -X POST -H "X-API-Key: $EIGHTK4_API_KEY" \
```
Confidence
94% confidence
Finding
https://api.8k4protocol.com/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
curl -s -X POST -H "X-API-Key: $EIGHTK4_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"chain":"base","wallet":"0x...","metadata":{...},"content_hash":"0x...","signature":"0x...","nonce":"...","expires_at":1709506200}' \
  "https://api.8k4protocol.com/agents/{agent_id}/metadata"
```

## Access summary
Confidence
98% confidence
Finding
https://api.8k4protocol.com/

VirusTotal

64/64 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.