Back to skill

Security audit

Decanus Escrow

Security checks across malware telemetry and agentic risk

Overview

This escrow skill matches its stated purpose, but it gives an agent raw wallet-signing authority for value-moving onchain actions without enough user-control and secret-safety guidance.

Install only if you are comfortable letting this MCP server sign escrow transactions from the configured wallet. Use a dedicated low-balance Base Sepolia wallet, avoid primary or production private keys, keep the key out of shared configs and logs, pin and review the npm package before use, and manually verify every escrow ID, address, amount, network, and transaction before approval.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill instructs users to provide a raw `PRIVATE_KEY` via environment variable and inline configuration examples, but gives no warning about secret handling, wallet isolation, test-only usage, or the risk of exposing signing authority through shell history, logs, process listings, or copied config files. Because this server performs onchain write actions, compromise of that key can directly enable unauthorized escrow creation, acceptance, completion, or other fund-affecting transactions from the controlled account.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill describes multiple irreversible onchain escrow operations involving deposits, stake burning, refunds, and releases, but does not provide a clear upfront warning that these actions move real value and may permanently lock or destroy funds if the wrong escrow ID, amount, address, or timing is used. In this context, the danger is elevated because the tool is specifically built to execute escrow state transitions, and mistakes are harder to reverse than in informational or read-only skills.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.