Token Scan

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it sends a user-provided token contract address to CertiK for risk analysis and asks the agent to summarize the result.

Install only if you are comfortable running a local Python script or curl command that sends the token chain and contract address to CertiK's API. Treat the output as third-party risk-analysis data, not a guaranteed security audit or investment recommendation.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 91% confidence
Finding: The skill explicitly requires outbound HTTPS access to `open.api.certik.com` and provides executable Python and `curl` paths, but no corresponding permission declaration is present in the skill metadata. This creates a transparency and policy-enforcement gap: runtimes or reviewers may treat the skill as less privileged than it really is, increasing the chance that network access is granted or used without proper user awareness and governance.

Description-Behavior Mismatch

Medium

Confidence: 95% confidence
Finding: The skill metadata promises a structured token-risk summary, but the implementation simply returns raw API JSON. In an agent setting, this contract mismatch can cause downstream components or users to misinterpret unvalidated fields, omit expected risk indicators, or trust incomplete output as a finalized security assessment.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal