View daily trending altcoins

Security checks across malware telemetry and agentic risk

Overview

This skill appears to generate a cryptocurrency report from public market data, with minor transparency cautions around Feishu delivery and optional news-source use.

Install only if you are comfortable with the skill fetching public CoinGecko data, creating temporary local files, and sending the finished report through Feishu. Confirm the Feishu recipient or chat before sending, and avoid including private knowledge-base notes unless that sharing is intended.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 86%
Finding
The skill instructs use of shell commands and writes files under /tmp without declaring those capabilities. Undeclared execution and file-write behavior weakens reviewability and permission boundaries, making it easier for a seemingly simple reporting skill to perform actions operators did not explicitly approve.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 90%
Finding
The documented behavior diverges from the declared purpose: it generates HTML instead of a PDF directly, includes non-CoinGecko content from a knowledge base or hardcoded commentary, and claims Feishu delivery without implementation details. This mismatch is dangerous because users and reviewers may authorize the skill based on a narrower description while it accesses additional data sources or performs extra actions.

Description-Behavior Mismatch

Medium
Confidence: 88%
Finding
The metadata says the skill's data source is CoinGecko, but the instructions also require reading industry news from a knowledge base and sending the result externally. Hidden data sources and sinks expand trust boundaries and can expose internal or user-associated content beyond what the user would expect from a market-data reporting skill.

Context-Inappropriate Capability

Medium
Confidence: 80%
Finding
Sending the generated report to Feishu introduces an external messaging channel that is not strictly necessary to produce a daily token report. Any external transmission increases the risk of unintended disclosure, especially if the report includes internal news, user-specific context, or other non-public content.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill directs sending the PDF via Feishu without a user-facing warning or explicit consent flow for external transmission. Even if the report is routine, silently moving content to a third-party service can leak data and violates the principle of transparent data handling.

VirusTotal

66/66 vendors flagged this skill as clean.
