CoinMarketCap MCP

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate read-only CoinMarketCap data skill, but its instructions are overly broad and may send crypto-related prompts to an external API even when the user did not clearly ask for live data.

Install only if you are comfortable configuring a CoinMarketCap API key and having crypto-related queries sent to CoinMarketCap's MCP service. Prefer explicit use for live market data, avoid including sensitive portfolio or account details unless necessary, and monitor API quota or costs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

High, 93% confidence
Finding
The trigger guidance is intentionally very broad: it says to use the skill for ANY crypto-related question, even when the user did not explicitly request external data. That can cause unintended invocation of a remote MCP service for loosely related discussions, increasing unnecessary data sharing, tool overuse, and the chance of acting on external content when a local answer would suffice.

Missing User Warnings

Medium, 89% confidence
Finding
The skill instructs the agent to use a remote CoinMarketCap MCP connection and API key, but it does not clearly warn end users that their prompts may be sent to an external service. This reduces transparency and informed consent, especially because the workflow encourages fetching extra data and making multiple tool calls beyond the minimum needed.

VirusTotal

66/66 vendors flagged this skill as clean.
