trongrid-trx-info

Security checks across malware telemetry and agentic risk

Overview

This skill provides read-only TRX market and blockchain analysis, with only a minor activation-scope caution.

Install only if you want TRX token analysis. Be aware it may perform public web and TronGrid lookups when invoked, and treat any crypto price or yield output as informational rather than financial advice.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The example trigger, "How is TRX doing? What's the current price and supply?", is broad and closely resembles ordinary user conversation, making it likely to activate the skill in situations where the user may only want a simple conversational answer. Because the documented workflow includes external web search and multiple tool calls, an over-broad trigger can cause unnecessary tool invocation, expanded data exposure, and unintended autonomous behavior.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal