NEAR Phishing Detector

Security checks across malware telemetry and agentic risk

Overview

This is a small local NEAR phishing helper that scores URLs and contract names without hidden network, credential, file, or persistence behavior.

Install with ordinary npm supply-chain caution. Treat results as heuristic assistance rather than definitive phishing determinations, and verify high-risk NEAR links or contracts through official channels before taking action.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 89% confidence
Finding: The skill exposes commands that likely perform URL, contract, reporting, and scam-database lookups, which implies network access, but the manifest does not declare any corresponding permissions. This creates a transparency and policy-enforcement gap: users and hosting platforms cannot accurately assess or constrain what external communication the skill may perform, which is especially sensitive in a phishing-analysis tool that may contact remote services or transmit investigated indicators.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal