Security audit

Web3 Yield Automator

Security checks across malware telemetry and agentic risk

Overview

This package advertises paid automatic DeFi fund management, but the included code is only a stub and does not clearly define wallet permissions, transaction risks, or safety controls.

Review carefully before installing or paying. Do not connect wallets, grant token approvals, provide seed phrases or private keys, or rely on the automation claims unless the publisher provides complete reviewed code, verified package provenance, explicit wallet-permission documentation, dry-run behavior, per-transaction confirmations, spending limits, and revocation instructions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 97%
Finding
The skill markets itself as an automated DeFi yield farming tool, but the implementation only prints promotional placeholder text and performs no farming, compounding, rebalancing, or fund movement. In a financial automation context, this deceptive mismatch is dangerous because users may rely on false capabilities, make financial decisions based on nonexistent automation, or be socially engineered into paying for a 'premium' version with unclear trust boundaries.

Intent-Code Divergence

Low
Confidence: 84%
Finding
The command describes initialization as 'read-only mode,' but it persists wallet addresses to a local config.json file. While wallet addresses are public identifiers rather than secrets, this is still a trust and transparency issue because the code performs local state modification contrary to user expectations, which is especially sensitive in a Web3 tool handling financial identities.

Missing User Warnings

High
Confidence: 93%
Finding
The skill advertises direct smart-contract integration, multi-wallet management, auto-compounding, and cross-chain yield farming with 'zero manual intervention' but omits any warning about irreversible blockchain transactions, smart contract risk, bridge risk, wallet compromise risk, or loss of funds. In a DeFi context, encouraging unattended fund movement without explicit risk disclosure is particularly dangerous because users may authorize automation that can rapidly cause unrecoverable financial loss.

Missing User Warnings

High
Confidence: 96%
Finding
The setup instructions culminate in a command to 'start automation' across multiple chains without warning that this could initiate real wallet-affecting activity. In a financial automation skill, presenting operational commands without transaction-risk disclosure or confirmation steps can mislead users into running actions they do not understand, potentially exposing assets to irreversible transfers, approvals, or strategy errors.

VirusTotal

61/61 vendors flagged this skill as clean.
