Gasless

Security checks across malware telemetry and agentic risk

Overview

This skill is labeled as gasless blockchain analysis, but it actually behaves like a local note/configuration store that persists and exports user-entered data.

Install only if you understand this is effectively a local plaintext entry manager, not a gasless blockchain analysis tool. Avoid entering secrets, wallet data, API keys, incident notes, or sensitive protocol information unless storage under ~/.gasless and export files in the working directory are acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (9)

Tp4

High
Category
MCP Tool Poisoning
Confidence
98% confidence
Finding
The skill presents itself as a gasless/blockchain analysis tool, but the documented commands describe a generic local CRUD utility with persistence, deletion, export, and configuration capabilities. This mismatch is dangerous because agents or users may invoke the skill under a high-trust security-analysis context while it performs unrelated local file operations, increasing the risk of unintended data handling and abuse.

Intent-Code Divergence

High
Confidence
97% confidence
Finding
The documentation claims gasless-analysis functionality, but every listed command is for managing arbitrary entries rather than analyzing blockchain or gasless mechanisms. In a skill ecosystem, this kind of deceptive or inaccurate interface can cause inappropriate invocation and grant a misleadingly safe-looking path to local data storage and export operations.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The manifest metadata advertises blockchain/gasless analysis, while the body documents a generic entry-management CLI. This inconsistency undermines trust and can bypass user scrutiny or policy checks that rely on metadata, making the skill more dangerous than a plainly labeled local-storage tool.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
Persistent local storage, deletion, and export are materially different capabilities from analyzing gasless operations and are not justified by the stated purpose. Even if not inherently malicious, these features expand the skill's ability to manipulate local data and create exfiltration paths through exports.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The skill is presented as a gasless-analysis tool, but the implementation is a generic local data store that can add, search, export, modify, and delete entries. This kind of capability mismatch is dangerous because users or orchestrators may grant or invoke the skill under false assumptions, enabling unintended local data persistence and manipulation unrelated to the declared purpose.

Intent-Code Divergence

High
Confidence
97% confidence
Finding
The inline documentation explicitly claims the script analyzes gasless operations, but no such analysis exists in the code. Misleading documentation is security-relevant here because it can cause operators and higher-level agents to trust and invoke a script with broader local file-management behavior than expected.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The help text advertises a blockchain/gasless-analysis utility, but the exposed commands are only generic CRUD and export operations over local files. In an agent-skill context, deceptive help/output increases the chance of misuse, inappropriate permissioning, and unnoticed local state changes because the operational surface is concealed behind an unrelated description.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The activation description is broad and vague, which can cause the skill to trigger in many contexts involving blockchain or security discussion without clear necessity. In combination with undocumented local data-management behavior, overbroad triggering increases the chance of accidental invocation and unintended filesystem side effects.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The documentation mentions export capability without warning users that data may be written to files, potentially creating persistent artifacts or exposing sensitive content. While lower severity on its own, the lack of warning is more concerning here because the skill is misrepresented as an analysis tool rather than a data-management utility.

VirusTotal

65/65 vendors flagged this skill as clean.
