Back to skill

Security audit

CryptoLens

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly coherent, but its paid billing path has contradictory pricing evidence for the compare command that users should review before installing.

Install only if you are comfortable with a paid SkillPay flow that sends your billing wallet/user ID to SkillPay and coin queries to market-data providers. Before using compare, verify the actual SkillPay charge because the artifacts conflict on whether compare costs 1 token or 5 tokens.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The skill metadata promises 1 token per call, but the code comments and logic indicate a different effective charge model for `compare`, creating a billing-integrity issue. In a paid skill, mismatched pricing is security-relevant because it can enable deceptive charging, user harm, and loss of trust even if the external billing service ultimately enforces pricing.

Intent-Code Divergence

Medium
Confidence
88% confidence
Finding
The inline comment states `compare = 5 tokens` while nearby billing code says pricing is set externally and the skill description says all commands cost 1 token. Contradictory billing declarations are dangerous because they obscure the true charge path and can conceal overbilling or make audits and user consent unreliable.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The code derives a deterministic billing identifier from hostname, OS username, and home directory, which are host-identity attributes unrelated to crypto analysis. This creates an unnecessary fingerprint that can track a machine across sessions and leaks environment-derived identity data to a third-party billing service.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
Automatic collection of host-derived identity data without an immediate runtime warning or consent is a privacy and transparency failure. Because the derived ID is stable, it can be used for cross-session tracking and may expose sensitive operational context about the environment using the skill.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The billing request sends `user_id` to a third-party service without explicit runtime disclosure, and in this skill that identifier may be user-supplied or host-derived. Silent transmission of identifiers to an external payment provider is risky because it can violate user expectations, privacy requirements, or platform data-handling rules.

Unpinned Dependencies

Low
Category
Supply Chain
Content
matplotlib>=3.5.0
numpy>=1.20.0
Confidence
95% confidence
Finding
matplotlib>=3.5.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
matplotlib>=3.5.0
numpy>=1.20.0
Confidence
98% confidence
Finding
numpy>=1.20.0

Known Vulnerable Dependency: numpy — 10 advisory(ies): CVE-2014-1859 (Numpy arbitrary file write via symlink attack); CVE-2021-41495 (NumPy NULL Pointer Dereference); CVE-2021-33430 (NumPy Buffer Overflow (Disputed)) +7 more

Critical
Category
Supply Chain
Confidence
78% confidence
Finding
numpy

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.