Security audit

gate-info-riskcheck

Security checks across malware telemetry and agentic risk

Overview

This is a read-only crypto token and address risk-checking skill with clear limits and no packaged executable code.

Install only if you trust the configured Gate-Info MCP service and the shared Gate runtime-rule files in your environment. Treat address-risk mode as limited basic address information, not a full compliance or safety verdict, and do not rely on any automated token report as a guarantee that an asset is safe.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The trigger examples for address-risk mode are broad enough that ordinary safety questions containing an address could be routed into this skill even when the user may want broader investigation. Because the metadata says address-risk mode is exclusive and must not be routed elsewhere, misrouting can suppress more appropriate multi-dimensional analysis and lead to incomplete security guidance.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.