Prediction Market Data

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a disclosed, read-only API client for prediction market data, with no evidence of hidden installs, trading, persistence, or unrelated data access.

Install only if you are comfortable giving an AIsa API key to this skill and paying for API queries. Avoid supplying wallet addresses unless you intend to look up public wallet activity through AIsa.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 94% confidence
Finding: The skill requires an API key from the environment and performs outbound HTTPS requests, but it does not declare corresponding permissions. Even if the documented use is read-only market data retrieval, undeclared env and network capabilities reduce transparency and can allow a caller to expose secrets or send data off-host without an explicit permission boundary.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal