DeFi

Security checks across malware telemetry and agentic risk

Overview

This skill is an advisory DeFi analysis helper with no executable code, wallet access, signing ability, or hidden data access.

Safe to install as an advisory helper, but do not share seed phrases, private keys, wallet passwords, or unnecessary personal financial records. Treat DeFi, investment, and tax outputs as risk-analysis and organization support, not professional financial, legal, or tax advice.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Description-Behavior Mismatch

Medium

Confidence: 95% confidence
Finding: The manifest describes a DeFi advisory skill focused on protocol safety, real yield calculation, and rug-risk assessment. Example 4 adds a separate tax-analysis use case ('likely taxable events' and 'accountant-friendly summary'), which is not part of the stated scope and changes the apparent purpose of the skill.

VirusTotal

49/49 vendors flagged this skill as clean.

View on VirusTotal