Settld MCP Payments
Security checks across malware telemetry and agentic risk
Overview
This payment skill is coherent, but it gives an agent paid-call and settlement authority without clear approval or spend controls.
Review before installing. Pin and verify the `settld-mcp` npm package, use a least-privilege Settld API key, and configure policy so every paid call or settlement action shows the quote and requires explicit user approval before money is spent or records are changed.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.