Defillama Data Aggregator

Security checks across malware telemetry and agentic risk

Overview

This is a read-only DefiLlama data CLI with disclosed public API calls, though users should avoid its optional IP-direct HTTPS mode because it disables certificate checks.

Install only if you are comfortable with npm dependencies and public DefiLlama requests. Use the default domain-based configuration, do not enable IP-direct HTTPS mode, and do not rely on this tool alone for financial decisions because upstream or network data quality can affect results.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration

Findings (3)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 89% confidence
Finding: The skill declares no explicit permissions, yet its own metadata and documentation indicate it requires environment access and makes outbound network requests. This creates a transparency and governance gap: users and security tooling may underestimate what the skill can access or transmit, which is especially important for an agent skill that executes code and contacts external APIs.

Context-Inappropriate Capability

Medium

Confidence: 98% confidence
Finding: The IP-direct HTTPS path unconditionally creates an https.Agent with rejectUnauthorized: false, which disables TLS certificate validation and permits man-in-the-middle interception or spoofing of supposedly secure API traffic. In a DeFi data aggregator, tampered upstream data can mislead downstream users, automation, or analytics with false protocol, TVL, or yield information.

Intent-Code Divergence

Medium

Confidence: 95% confidence
Finding: The constructor exposes a rejectUnauthorized configuration field suggesting certificate verification behavior is controllable, but the IP-direct HTTPS branch ignores it and always disables verification. This mismatch is dangerous because operators may believe TLS validation is enabled when it is not, leading to insecure deployment under false assumptions.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal