LYRA Coin Launch Manager

Security checks across malware telemetry and agentic risk

Overview

This skill is not malicious, but it guides public token-launch workflows and persistent monitoring/bookmark updates without a strong final approval and scoping gate.

Review before installing. Use it only if you are comfortable with an agent assisting token-launch operations, require explicit final approval before any !clawnch post, inspect the exact wallet and token metadata, and enable the cron/bookmark steps only deliberately.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 93%
Finding: The skill describes and instructs use of network access, local file writes, and shell/Python execution, but it does not declare permissions. This creates a transparency and consent problem: a user or orchestrator may invoke the skill expecting a documentation-only workflow while it can read/write local state and reach external services.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 90%
Finding: The skill claims a 'safe' token launch and canonical receipt workflow, but the documented behavior is narrower, partially hardcoded, and does not actually perform several promised actions such as launching tokens or reliably recording tx hashes. In a financial/token-launch context, this mismatch is dangerous because users may make launch, verification, or bookkeeping decisions based on incomplete or misleading automation.

Missing User Warnings

Severity: Low
Confidence: 78%
Finding: The instructions direct the agent to write receipt and summary files into local state/reference paths without an explicit warning or confirmation step. While the writes appear expected for the workflow, silent local modification can still overwrite data, create misleading records, or violate least-surprise principles.

Missing User Warnings

Severity: Low
Confidence: 80%
Finding: The bookmark step modifies BOOKMARK BRAIN local reference data without clearly warning the user that persistent bookmarks will be added or changed. Even low-risk persistence can pollute shared knowledge stores, create stale references, or surprise users in multi-project environments.

VirusTotal

64/64 vendors flagged this skill as clean.
