web3-data-skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Chainbase Web3 data lookup helper with expected external API use and no evidence of hidden persistence, destructive behavior, or off-purpose data access.

Install this if you want an agent to query public blockchain data through Chainbase. Use a scoped Chainbase API key if you set CHAINBASE_API_KEY, and review broad custom SQL or raw endpoint requests before running them, especially if wallet addresses or query logic are sensitive.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 89%
Finding: The skill explicitly instructs the agent to invoke a shell script (`scripts/chainbase.sh`) and construct command-line arguments, but no corresponding permission declaration is present. This creates a governance and containment gap: a caller may trigger shell execution paths without the skill being transparently scoped or reviewed as a code-executing capability.

Vague Triggers

Medium
Confidence: 82%
Finding: The trigger text is very broad and can match many generic blockchain-related requests, causing the skill to activate in contexts beyond narrowly intended on-chain lookups. Because this skill can lead to shell-based API calls and SQL query generation, overbroad routing increases the chance of unnecessary tool use, mishandling ambiguous user intent, or exposing downstream attack surface from loosely matched prompts.

VirusTotal

66/66 vendors flagged this skill as clean.
