Security audit

EOLAS MCP

Security checks across malware telemetry and agentic risk

Overview

The skill openly enables crypto trading and social posting, but gives an agent real-funds and public-account authority without clear confirmation, limits, or safety guidance.

Review the npm packages and source before installing. Use only a dedicated low-balance wallet and separate social accounts, keep API tokens least-privileged, require explicit approval for every trade, withdrawal, swap, position close, and public post, and disable the plugin when not actively needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (4)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The README promotes autonomous trading, fund deposits/withdrawals, emergency position closure, token swaps, and public social posting without any explicit warnings about financial loss, irreversible blockchain actions, liquidation risk, or accidental public disclosure. In an agent-tool context, this omission is security-relevant because users may delegate high-impact actions to an AI without understanding the operational and financial risks.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The README instructs users to place sensitive tokens directly into configuration and later notes credentials are stored locally, but it does not warn about secret handling, file permissions, token scope, or host compromise risk. Because these credentials can authorize messaging, social posting, and possibly other privileged actions, poor guidance increases the chance of credential leakage and account takeover.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill advertises trading, withdrawals, swaps, and position-closing actions but does not warn users that these operations can cause immediate financial loss or be irreversible once submitted on-chain or to the exchange. In an agent setting, omitting explicit risk and confirmation guidance increases the chance of accidental or misunderstood execution of high-impact financial actions.

Missing User Warnings

Low

Confidence: 89% confidence
Finding: The skill includes capabilities to send Telegram messages, post to X/Twitter, and read Telegram updates or Twitter mentions, but it does not clearly warn that these actions transmit or retrieve external communications and may expose private or sensitive information. In an agent workflow, users may not realize that prompts or retrieved content are leaving the local environment or being pulled from third-party services.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.