KaspaCom Lending MCP

Security checks across malware telemetry and agentic risk

Overview

Review before installing: this is a coherent KaspaCom lending helper, but it includes real supply, borrow, and repay commands without clear confirmation or risk guidance.

Install only if you trust the KaspaCom CLI/MCP package and understand the wallet risk. Treat supply, borrow, and repay as high-impact actions: confirm the wallet, network, token, amount, health factor impact, and expected transaction result before signing, and prefer read-only market or position checks unless you explicitly intend to transact.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly includes transaction-capable commands for supplying, borrowing, and repaying assets on-chain, but it does not warn users that these actions can move funds, create debt, or change collateralization state. In an agent setting, the lack of a prominent warning increases the chance that a user or downstream system treats these examples as routine safe operations, leading to unintended financial loss or liquidation risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal