trongrid-token-scanner

Security checks across malware telemetry and agentic risk

Overview

This is a read-only TRON token research helper with no evidence of hidden access, wallet actions, persistence, or unsafe behavior.

Before installing, confirm you trust the TronGrid MCP server and any web sources the agent may consult. Do not treat a generated token safety score as financial advice, and independently verify important claims before interacting with a token.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Description-Behavior Mismatch

Medium

Confidence: 94% confidence
Finding: The example instructs the agent to perform a web search for scam reports even though the described skill capabilities are limited to TRON token-analysis tools. This creates a scope mismatch that can lead the agent to use undeclared external information sources, producing inconsistent behavior, privacy/compliance issues, or expanded attack surface through ungoverned browsing.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal