Back to skill

Security audit

farmdash trail intelligence

Security checks across malware telemetry and agentic risk

Overview

This is a read-only DeFi research skill with disclosed wallet/API-key data flows and affiliate links, but users should treat its financial suggestions as informational only.

Install only if you are comfortable sending public wallet addresses, route parameters, and an optional FarmDash API key to FarmDash. Treat outputs as research, not financial advice; verify protocols and fees independently, and never provide seed phrases, private keys, signatures, or transaction approval through this skill. Be aware that FarmDash may receive referral or routing compensation when its go links are used, and optional setup shares a public agent address with FarmDash.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The manifest markets the skill as read-only research, but `optimize_portfolio` and related recommendation flows move beyond neutral analytics into personalized financial guidance and capital-routing planning. This capability mismatch can cause agents or users to grant the skill broader trust than warranted, increasing the chance of unsafe automated investment nudges or policy bypass in systems that allow "read-only" skills more permissive access.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The sybil-risk documentation goes beyond defensive risk assessment and provides operational advice for avoiding RPC/provider rate limits, blacklisting, and safety controls by lowering concurrency, staggering queries, or pausing loops. In context, this reads as guidance for stealthier abusive automation rather than pure compliance, which could help users adapt multi-wallet farming behavior to evade detection and enforcement.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The skill is presented as read-only and privacy-minimizing, but it includes an optional onboarding POST that transmits agent identity metadata to FarmDash. Even if consent-gated, this expands the data-sharing surface beyond pure research queries and can enable agent tracking, profiling, or correlation across usage contexts if users or orchestrators treat the skill as strictly passive.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The document claims the disclosure table is the complete list of transmitted data, but later introduces additional onboarding metadata (`agentAddress` and a skill-identifying header). This is dangerous because users and downstream agents may rely on the earlier completeness claim when making trust decisions, resulting in underinformed consent and unexpected identity leakage.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The manifest description is broad enough to invite generic invocation for DeFi intelligence without clearly limiting when wallet analysis, protocol ranking, routing previews, or personalized recommendations should be used. In agent ecosystems, vague trigger language can cause over-invocation on sensitive financial prompts, leading to unnecessary wallet analysis, persuasive affiliate steering, or unsafe reliance on speculative outputs.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.