1inch

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward 1inch API client for quote and swap transaction-data generation, but users should treat any approval or swap data as financially sensitive and verify it before signing.

Install only if you intend to use 1inch quote and swap transaction-data helpers. Before signing any approval or swap, independently verify the chain, token addresses, amount, spender/router address, slippage, expected output, and gas fees. Do not give private keys to the agent; use a wallet or signing flow you trust.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Intent-Code Divergence

Medium

Confidence: 95% confidence
Finding: `check_approval_needed` does not actually inspect on-chain allowance or query an allowance endpoint; it always returns `needs_approval: True`. In a trading skill, this can mislead downstream agents or users into submitting unnecessary approval transactions, increasing gas costs and potentially prompting repeated or excessive token approvals to a spender.

Intent-Code Divergence

Medium

Confidence: 90% confidence
Finding: `execute_swap` is named and documented as though it executes a swap, but it only prepares a pending result and optionally prints raw transaction data. This mismatch can cause callers to assume a trade has been signed and broadcast when it has not, leading to operational errors, inconsistent state handling, or accidental exposure of sensitive transaction details in logs.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal