Back to skill

Security audit

Etherlink Skill

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Etherlink blockchain helper, but it asks users to run code and expose a wallet private key for real transactions without enough guardrails.

Install only if you are comfortable running the MCP server code and giving it a wallet key that can sign Etherlink transactions. Use a dedicated low-value wallet, test on shadownet first, pin and review the package you run, and do not use a primary wallet or key with funds you cannot afford to lose.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
78% confidence
Finding
The skill instructs the user to launch a local MCP server via the `bun` command and a TypeScript entrypoint, which is effectively shell/code execution capability, but the skill does not declare permissions or clearly bound that capability. Undeclared execution capability increases the chance that users or orchestration systems grant broader trust than warranted, especially because the server is configured with a live private key for blockchain actions.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The documentation mislabels Etherlink’s native asset and transfer semantics as XTZ even though Etherlink is EVM-compatible and uses ETH-denominated balances and native transfers. This can mislead users into signing or funding the wrong asset assumptions, causing failed transactions, operational mistakes, or accidental value loss when performing write operations.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill includes a direct example for sending XTZ on mainnet-capable infrastructure without warning that blockchain transactions are irreversible and can move real funds. In a blockchain skill context this is especially dangerous because the same interface supports both testnet and mainnet, making accidental real-value transfers plausible.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill tells users to place an `EVM_PRIVATE_KEY` in environment variables but provides no warning about secret handling, exposure risks, or safer alternatives. Because this key can authorize blockchain transactions, compromise of the environment, logs, shell history, or process inspection could lead to direct theft of funds or unauthorized contract interactions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.