Back to skill

Security audit

BNBCHAIN Protocol & Matrices Analysis — Powered by ClipX

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Python client for BNB Chain analytics that contacts a private ClipX API, with no evidence of hidden local access, persistence, credential theft, or destructive behavior.

Install only if you are comfortable running a small Python client that sends selected BNB Chain analytics requests, and any wallet address you query, to the private ClipX API. Treat returned market data and announcements as third-party content and verify important financial decisions elsewhere.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • System Prompt LeakageDirect Leakage, Indirect Extraction, Tool-Based Exfiltration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill invokes a local Python CLI, can read environment variables, and makes outbound network requests, yet these capabilities are not explicitly declared as permissions. This weakens reviewability and user consent because a supposedly simple data skill actually has shell, env, and network reach, increasing the chance of unnoticed data exfiltration or unsafe command execution in a broader agent environment.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The declared description says the skill is a thin client returning text-only JSON metrics, but the documented behavior includes subprocess-based rendering, pass-through formatted output, live-refresh behavior, and extra utility modes. This mismatch is security-relevant because reviewers and users may underestimate the execution surface and trust level of the skill, enabling higher-risk behavior under a low-risk description.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The README instructs users to invoke the skill with very broad trigger phrases like "clipx" or "bnbchain." In an agent environment, generic triggers can cause unintended activation during unrelated conversations about BNB Chain, leading the agent to call this skill unexpectedly and send user context to the remote API. The private remote backend makes accidental activation more sensitive because requests leave the local environment.

Vague Triggers

Low
Confidence
86% confidence
Finding
The usage instructions describe how to invoke the skill but do not define clear boundaries for when it should or should not run. Without specificity or negative examples, an agent may over-match ordinary user discussion and trigger the skill inappropriately. While this is mainly a safety/UX issue, it can still cause unintended remote requests and disclosure of user prompts to the private API.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README emphasizes that the client is a thin wrapper and that backend logic is private, but it does not prominently warn users that their requests are transmitted to a private third-party API. This lack of transparency can mislead users about data handling and privacy expectations, especially in an agent context where portions of user prompts may be forwarded off-platform.

Vague Triggers

Medium
Confidence
88% confidence
Finding
Using a broad activation trigger like 'bnbchain' can cause the skill to activate on ordinary conversation about BNB Chain, not just explicit requests to use the tool. In an agent system, that can lead to unexpected command execution, unsolicited network access, and confusion about when external data sources are being queried.

Direct Prompt Extraction

High
Category
System Prompt Leakage
Content
Uses API `binance_announcements` — Top 10 newest announcements.

**Display rules:** Run the command, take the stdout output, and output it exactly as received. Do NOT wrap in a code block. The API returns plain markdown with:
- Bold header: **📢 Binance Announcements**
- 🔸 diamond bullet before each announcement
- Blank line after each item
Confidence
91% confidence
Finding
Display rules

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.