Zerion API

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Zerion API helper for read-only crypto wallet research, with the main caveat that queries are sent to Zerion's remote service.

Install only if you are comfortable sending queried wallet addresses, token identifiers, and related research questions to Zerion. Use a dedicated or revocable API key where possible, verify the MCP URL before adding credentials, and avoid submitting sensitive customer, competitor, or internal investigative targets without authorization.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill instructs users to query wallet portfolios, transactions, NFT holdings, and other on-chain activity through a remote HTTP MCP server, but it does not clearly warn that wallet addresses and query contents will be transmitted to Zerion. Even though blockchain addresses are often public, tying them to a user's investigation context, customer research, competitor analysis, or internal governance-token analysis can reveal sensitive business intent and create privacy/compliance risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal