Numinous Forecast

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do what it says, but it can automatically sign paid forecast requests using a configured crypto wallet key without an artifact-level spending cap or per-call confirmation.

Review carefully before installing. Use only a dedicated low-balance wallet, not a primary wallet; confirm Numinous pricing and x402 payment terms; avoid letting an agent make repeated forecast calls without a budget or confirmation rule; and do not submit sensitive business, personal, or unreleased questions unless you are comfortable sending them to the external forecasting service.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (5)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 93% confidence
Finding: The skill requires environment secrets and outbound network access, but it does not explicitly declare permissions for those capabilities. This creates a transparency and governance gap: users or orchestrators may invoke the skill without realizing it can access private keys and make paid external requests, increasing the risk of secret exposure, unintended spending, or policy bypass.

Context-Inappropriate Capability

Medium

Confidence: 93% confidence
Finding: The file accesses EVM and Solana private keys from environment variables and uses them to create payment signers, which expands the skill from simple forecast retrieval into blockchain payment execution. Even if intended for x402 payments, handling wallet secrets is a sensitive capability that can authorize on-chain spending and is broader than the manifest description suggests.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The code reads private-key environment variables without any warning, consent flow, or local disclosure in this file. In agent environments, silent access to high-value secrets is risky because operators may not realize this skill can consume wallet credentials and sign payment requests.

Missing User Warnings

Medium

Confidence: 85% confidence
Finding: The skill performs outbound network requests and may automatically retry with a payment signature after receiving a 402 challenge, but there is no user-visible disclosure or confirmation in this file. That creates a risk of unintended external data transfer and unintended paid actions when the skill is invoked.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: This CLI sends the user's natural-language query and optional topics to an external prediction service via predict_job without any explicit warning, consent step, or masking in this file. Forecasting queries may contain sensitive business, personal, or unreleased information, so silent transmission to a third-party service creates a real privacy and data-handling risk even if the functionality is intentional.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal