Utxo

Security checks across malware telemetry and agentic risk

Overview

This skill is a local static reference script with some generic finance content, but it does not access data, install dependencies, persist, or take actions on the user's behalf.

Install only as a lightweight local reference helper. Do not rely on its regulatory, financial, strategy, or risk text as authoritative UTXO guidance; verify any blockchain, compliance, or investment-related conclusions with trusted current sources.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Tp4

High

Category: MCP Tool Poisoning
Confidence: 93% confidence
Finding: The skill is presented as a UTXO-specific blockchain reference tool, but the exposed command set indicates broad generic finance, regulation, risk, instruments, and strategy content that is not clearly scoped to UTXO handling. This mismatch can mislead users and downstream agents into invoking the skill in inappropriate contexts, increasing the chance of incorrect financial/compliance guidance being trusted as domain-specific blockchain advice.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal