Debridge Mcp

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed deBridge MCP integration, but users should treat it carefully because it helps prepare real crypto swap workflows.

Install only if you intend agents to access deBridge swap tooling. Before approving any transaction, verify chain, token, amount, recipient, fees, slippage, and the wallet signature prompt; use small test amounts first. Because setup builds unpinned remote code and the service is hosted, prefer a reviewed/pinned version if you need stronger supply-chain control.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: This markdown file describes executing cryptocurrency swaps and transfers, which can directly affect user funds and system-integrated wallets. Although it mentions fee estimation and later says to verify rates, it does not clearly warn users up front about transactional irreversibility, wrong-address/network risk, or potential asset loss from executing trades.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal