Back to skill

Security audit

Locus

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed crypto-payment skill, but it needs careful review because it gives an agent wallet-connected payment and token-approval capabilities with broad activation and persistent credentials.

Install only if you intentionally want an agent to use a wallet-connected crypto payment service. Use a least-privilege Locus API key with spending limits and whitelisted recipients where possible, manually verify every recipient, amount, token, chain, and token approval, avoid unlimited allowances, and know how to remove the mcporter Locus config or revoke the key.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README advertises payment sending and token approval capabilities without any explicit warning that these actions can be irreversible, financially consequential, or require deliberate human confirmation. In a skill designed for AI agents to process payments, this omission increases the chance that users enable powerful financial actions without understanding the risk of accidental transfers or excessive token allowances.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The manual setup instructions tell users to place a bearer API key directly into configuration without clearly warning that it is a sensitive credential tied to wallet permissions. Because this skill enables payment operations, mishandling or exposing the token could allow unauthorized balance access, transfers, or approval actions within the granted permission scope.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill description tells the agent to use Locus for broadly defined payment actions, including processing payment-related actions from emails. Overly broad activation criteria can cause the agent to invoke a high-risk payment skill in ambiguous situations, increasing the chance of unintended wallet access, payment setup, or transaction preparation based on weak user intent.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The setup instruction says to trigger configuration when the user asks about setup, payments, or 'anything payment-related', which is ambiguous and too expansive for a capability that can connect wallets and enable crypto transfers. In practice, this could make the agent steer normal finance discussions or inbox triage into credential collection and payment tooling setup without sufficiently clear user intent.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script prompts for a Locus API key and stores it in mcporter configuration as an Authorization header, but it never clearly warns the user that the secret will be persisted locally. This can lead users to enter a production wallet-linked credential without understanding its storage location, retention, or exposure surface, increasing the risk of credential theft from local config files, backups, or shared environments.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.