blacktea
Security checks across malware telemetry and agentic risk
Overview
The skill clearly describes a payment-control MCP server, but installing it means trusting an external package with a dedicated wallet key and limited spending authority.
Install only if you intend to let an agent make real x402 payments. Use a new, low-balance dedicated wallet, set a conservative policy with low auto-approval limits and a hard cap, test first with BLACKTEA_RAIL=mock, and review the external @nmrtn/blacktea-mcp package before providing any funded private key.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.