Back to skill

Security audit

mcp-crypto-data

Security checks across malware telemetry and agentic risk

Overview

This is a read-only crypto data MCP skill whose network use fits its purpose, though its documentation has package, tool-name, and environment-variable mismatches.

Before installing, verify the intended npm package name, consider pinning the npx package version, and use NAUTDEV_BASE_URL if you need to override the API endpoint. Be aware the README says API requests may be metered through L402 micropayments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill declares operational capabilities that require environment variables and outbound network access, but it does not explicitly declare permissions for those sensitive actions. This creates a trust and review gap: agents or operators may approve the skill without realizing it can access configured environment data and communicate with external services, increasing the risk of unintended data exposure or unauthorized network interactions.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
dist/index.js:7

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
src/index.ts:7