Back to skill

Security audit

gate-info-coincompare

Security checks across malware telemetry and agentic risk

Overview

This is a read-only cryptocurrency comparison skill that uses documented Gate Info market and coin data tools without requesting credentials or local file access.

Install this only if you are comfortable using the Gate Info MCP provider. Treat outputs as informational crypto comparisons, not financial advice, and avoid putting private portfolio, account, or trading details into prompts unless you intend them to be used in the comparison.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The MCP spec materially expands the skill from simple coin comparison into ranking and technical-analysis workflows that are not declared in the manifest context. This creates a scope mismatch: an orchestrator or reviewer may approve the skill for limited comparison behavior while the hidden spec authorizes broader analytical actions and output claims, increasing the chance of unauthorized tool use and misleading users about the skill’s actual capabilities.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The tool list includes `info_coin_get_coin_rankings` and `info_markettrend_get_technical_analysis`, which are not reflected in the manifest-declared MCP tools. Undeclared tool access is dangerous because it bypasses the principle of least privilege and can let the skill perform additional data collection, inference, and recommendation-like analysis that operators and users did not authorize or expect.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The skill description and frontmatter use broad trigger phrases like 'compare', 'vs', and 'which is better' without tightly constraining that they apply only to cryptocurrency assets. In an agentic routing system, this can cause unintended activation on unrelated user requests, leading to wrong tool usage, irrelevant data retrieval, and degraded trust or workflow safety.

Vague Triggers

Low
Confidence
89% confidence
Finding
The trigger scenarios remain ambiguous because they define positive keyword matches but do not include exclusion logic for generic comparisons outside the crypto domain. This increases the chance of accidental routing, especially for phrases like 'X vs Y' that are common in normal conversation.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.