Back to skill

Security audit

Paytoll

Security checks across malware telemetry and agentic risk

Overview

PayToll appears purpose-aligned, but it asks users to run an unpinned npm MCP server with wallet-signing access, paid automatic calls, dynamic tools, and raw X OAuth token handling.

Install only after reviewing the npm package and repository. Use a fresh dedicated Base wallet with only funds you are willing to spend, never a main wallet private key, require explicit confirmation before paid calls, and avoid sending secrets, private data, or long-lived X OAuth tokens through the Twitter or LLM tools.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The LLM proxy section describes sending prompts to external model providers but does not clearly warn that user prompts, conversation content, and potentially sensitive data will leave the local environment and be processed by third parties. This can lead to accidental disclosure of secrets, financial data, wallet-related information, or proprietary text when users treat the skill as local-only.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The skill asks for a user's OAuth access token as tool input for `twitter-post` without a clear warning that the token will be transmitted to an external service or MCP server to perform the action. Access tokens are highly sensitive credentials; if mishandled, logged, or exposed, they can enable unauthorized posting or broader account abuse depending on scopes.

Credential Access

High
Category
Privilege Escalation
Content
- Input: `username` OR `userId` (exactly one)

**`twitter-post`** ($0.015/call)
Post a tweet using the user's own OAuth 2.0 access token. Supports replies and quote tweets.
- Use when: "Post this tweet for me", "Reply to this tweet"
- Input: `text`, `accessToken` (user's OAuth token), `replyToId` (optional), `quoteTweetId` (optional)
- Note: Requires the user's own X API OAuth token with `tweet.write` scope.
Confidence
97% confidence
Finding
access token

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.