Coinbase

Security checks across malware telemetry and agentic risk

Overview

This Coinbase skill is a disclosed read-oriented connector for listing or fetching account records, with some broad routing language users should understand before installing.

Install only if you want an agent to access Coinbase account metadata through your connected OOMOL account. Treat Coinbase data as sensitive financial information, confirm the exact account lookup being requested, and do not use this skill as blanket authorization for trading, transfers, or other state-changing Coinbase operations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding
The manifest says the skill is for 'searching and reading data,' but the body includes guidance for create/update/send/post/delete-style operations. This mismatch can mislead downstream agents or reviewers into granting broader trust to the skill than its declared scope warrants, increasing the chance that future state-changing actions are invoked without appropriate scrutiny.

Vague Triggers

Medium
Confidence: 88%
Finding
The instruction to use this skill for 'ANY Coinbase request' is overly broad and can cause automatic invocation for vague or tangential Coinbase mentions. In an agentic environment, overly permissive routing increases unintended connector use, unnecessary access to sensitive financial data, and reduced user-intent verification.

VirusTotal

63/63 vendors flagged this skill as clean.
