gate-info-riskcheck

Security checks across malware telemetry and agentic risk

Overview

This is a read-only crypto risk-check skill that clearly discloses its main limitation: address safety checks only provide basic on-chain information for now.

Install this if you want read-only Gate-Info token and contract risk reports. Treat address results as basic on-chain information, not a blacklist, compliance, or definitive safety verdict, until the missing address-risk capability is actually available.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The trigger examples are overly broad and can match common user phrasing outside the narrowly intended scope, increasing the chance this skill activates when the user actually needs a broader research workflow. In this context, misrouting is security-relevant because users may receive incomplete risk analysis or bypass the intended multi-dimension skill-selection boundary described in the metadata.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The address-check triggers are ambiguous and especially the phrase about a 'blacklisted address' implies compliance/risk capabilities that the scenario later says are not actually available. This can cause unsafe over-triggering, user confusion, and reliance on incomplete address information for compliance-style decisions.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal