XPR Lending (LOAN Protocol)

Security checks across malware telemetry and agentic risk

Overview

This XPR lending skill appears purpose-built for LOAN Protocol, but it can sign real mainnet financial transactions with private-key environment variables that the manifest does not declare.

Install only if you are comfortable giving this skill signing access for real XPR mainnet lending transactions. Use a dedicated or limited-permission XPR account if possible, verify every market, token, amount, borrower, and collateral/liquidation risk before setting confirmed=true, and do not provide XPR_PRIVATE_KEY or XPR_ACCOUNT unless you trust the publisher and runtime.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The manifest exposes high-impact financial actions such as borrowing, repaying, redeeming, withdrawing collateral, and claiming rewards without any explicit user-facing warning, risk disclosure, or indication that these operations move assets and can change debt/collateral state. In a DeFi lending context, this increases the chance that an agent or user invokes destructive or irreversible actions without informed consent, potentially causing loss of funds, liquidation risk, or unintended position changes.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal