Byreal Cli

Security checks across malware telemetry and agentic risk

Overview

This skill is mainly a Byreal analytics helper, but it also documents wallet-backed write actions that could affect funds while the public framing emphasizes read-only analytics.

Install only if you trust the Byreal npm package and intend to use it for Byreal/Solana DEX work. Use read-only analytics normally, but treat wallet setup and any command using --confirm as a financial action: inspect the dry-run output and approve it yourself every time. Avoid the CLI self-update path in sensitive environments unless you have reviewed or trust the new release.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Description-Behavior Mismatch

Medium

Confidence: 87% confidence
Finding: The skill is presented as a data/analytics CLI, but its documentation explicitly includes transactional write flows, wallet setup, dry-run/confirm semantics, and financial-risk guardrails. That mismatch can cause an agent or user to invoke the skill under the assumption it is read-only, when it may actually facilitate state-changing blockchain actions with monetary consequences.

Intent-Code Divergence

Medium

Confidence: 84% confidence
Finding: Describing the tool as 'mostly read-only' while also documenting write-command behavior creates ambiguous trust boundaries for an agent. In an autonomous or semi-autonomous environment, that ambiguity increases the chance of unsafe command selection, especially when the tool can interact with wallets and submit transactions.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal