Back to skill

Security audit

Defi Scout

Security checks across malware telemetry and agentic risk

Overview

This DeFi skill makes disclosed read-only market and blockchain lookups, with no evidence of hidden transactions, exfiltration, or destructive behavior.

Install only if you want an agent to run live DeFi lookups against external services. Avoid using it for private wallet analysis unless you are comfortable sending public wallet addresses to RPC/API providers, and treat swap, bridge, yield, and liquidation outputs as informational rather than execution advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill documents executable scripts that use outbound network access and at least one environment variable (`CMC_API_KEY`), but no permissions are declared. That creates a transparency and policy-enforcement gap: an agent or reviewer may assume the skill is passive documentation while it can actually make external calls and read secrets from the environment. In an agent setting, undeclared capabilities increase the risk of unintended data egress, secret exposure, or execution in contexts that would otherwise deny those capabilities.

Tp4

High
Category
MCP Tool Poisoning
Confidence
86% confidence
Finding
The manifest promises a certain class of DeFi intelligence but the documented behavior extends into bridge quoting, Aave account health analysis, and CoinMarketCap sentiment, while omitting some advertised capabilities like TVL and airdrop farming implementation. This mismatch is dangerous because agents may invoke the skill under incorrect assumptions, leading to over-trust, unsafe financial guidance, or execution of capabilities outside the reviewed/expected scope. In a finance-oriented skill, scope confusion is especially risky because users may act on incomplete or mislabeled outputs.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The trigger description is broad enough to match ordinary financial conversation, causing the skill to auto-activate for generic prompts about prices, wallets, yields, or chains. Unintended invocation increases the chance that an agent will perform external network lookups, process wallet addresses, or provide financial outputs when the user did not explicitly request this tool. In a DeFi context, that can lead to privacy issues, unnecessary external calls, and unwarranted financial recommendations.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.