Back to skill

Security audit

MoonPay Commerce (Helio) Accept Crypto Payments

Security checks across malware telemetry and agentic risk

Overview

The skill appears purpose-built for MoonPay Commerce payments, but it handles payment credentials and can immediately enable or disable live Pay Links, so it should be reviewed before use.

Install only if you intend to let an agent help operate a MoonPay Commerce/Helio merchant account. Run setup in a trusted terminal, avoid sharing terminal logs or screenshots, use the least-privilege API key available, verify amounts and Pay Link IDs before create/disable/enable commands, and clear the saved config when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill invokes shell-based tooling (`bash`, `curl`, `jq`) and setup scripts while the static finding indicates no declared permissions for shell/code execution. In an agent environment, undeclared execution capability reduces transparency and can lead to unexpected command execution paths, especially when handling API credentials and network calls.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The script exposes disable/enable operations for Pay Links even though the skill description only advertises payment creation and transaction queries. That scope mismatch is security-relevant because users or higher-level agents may invoke undeclared state-changing functionality that can disrupt payment collection or unintentionally reactivate links.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Disable and enable perform immediate remote state changes with no confirmation, dry-run, or warning beyond a status message. In an agent context, this increases the chance of accidental or prompt-induced disruption of active payment links, causing denial of service to payment intake or unintended reopening of links.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.