Security audit

check-hymx-transaction

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do the advertised job: it sends a user-provided transaction hash to a Hymatrix bridge status API and returns the result.

Install this only if you are comfortable sending transaction hashes you provide to the Hymatrix bridge scan API. The reviewed files do not show broader local access, credential use, persistence, or data modification.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (3)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 91% confidence
Finding: The skill declares a command that runs local Node.js code (`node script/index.js`) and is described as checking bridge transaction status, which implies outbound network access, yet no permissions are declared. This creates a transparency and policy-enforcement gap: users and the hosting agent may not have an explicit opportunity to authorize or constrain network use, making unintended external requests and data disclosure harder to detect or govern.

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The trigger says to use the skill when a user provides a transaction ID or hash and asks for related information, which is broad enough to cause over-invocation. In an agent setting, ambiguous activation can route unrelated hashes or identifiers to this skill, causing unnecessary external lookups, privacy leakage, or incorrect tool use when the user did not intend to query the Hymatrix bridge.

Natural-Language Policy Violations

Medium

Confidence: 78% confidence
Finding: The skill text instructs usage based on a Chinese-language trigger description, which can bias interaction behavior toward Chinese without confirming the user's language preference. While not a direct code-execution flaw, this can degrade consent and clarity, increasing the chance of misunderstanding sensitive transaction information or activating the skill under conditions the user did not clearly intend.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.