Back to skill

Security audit

Warren NFT Deploy(mainnet)

Security checks across malware telemetry and agentic risk

Overview

This NFT deployment skill appears purpose-built, but it should be reviewed because it can make irreversible mainnet wallet transactions and sends wallet-linked collection metadata by default.

Install only if you are comfortable giving it a wallet private key and letting it make irreversible MegaETH mainnet transactions. Use a fresh wallet funded only with the ETH needed, prefer PRIVATE_KEY in the environment rather than --private-key, review collection parameters and contract addresses first, and assume Warren registration will send wallet-linked collection metadata by default.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
86% confidence
Finding
The skill declares no explicit permissions while clearly requiring sensitive environment access (`PRIVATE_KEY`) and outbound network access (`RPC_URL`, `REGISTER_API`). This under-declaration weakens user consent and reviewability, making it easier for a user to invoke a skill that can spend funds and transmit metadata without an accurate permission signal.

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The documented purpose focuses on NFT deployment, but the skill also performs additional behaviors: auto-minting/checking access NFTs, generating content locally, and POSTing collection and owner-linked metadata to an external API. This mismatch is dangerous because users may authorize blockchain transactions and network activity under incomplete expectations, especially where optional registration leaks wallet-linked deployment metadata to a third party.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The script sends deployment metadata, including ownerAddress, NFT address, collection details, and pricing, to an external web API after the on-chain actions complete. This is not disclosed prominently in the primary workflow description, so users may reasonably believe the action is fully on-chain and local when it also performs off-chain data exfiltration to a third party.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
If the wallet lacks the expected prerequisite NFT, the script automatically calls botNft.mint(), changing wallet state and consuming gas without an explicit confirmation step. Even if the mint is described as free, it is still an on-chain transaction with cost and side effects that exceed a user's likely expectation for a deployment helper.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script automatically submits a blockchain transaction to mint a prerequisite key NFT without obtaining explicit runtime approval from the user. In a wallet-handling deployment tool, any automatic state-changing transaction is dangerous because it can spend gas, alter wallet holdings, and normalize hidden side effects.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
Immediately after contract deployment, the script calls setMintState(2) to open public minting without user confirmation. This changes the security and sale posture of the newly deployed collection, and if the user intended to review configuration first, the automated transition could expose the collection prematurely.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script transmits collection metadata, pricing, ownerAddress, and contract identifiers to an external API without clear upfront notice in the user-facing interface. In the context of a deployment skill that already handles a private key and wallet-linked actions, undisclosed off-chain transmission increases privacy and trust risks.

Unpinned Dependencies

Low
Category
Supply Chain
Content
"license": "ISC",
  "type": "commonjs",
  "dependencies": {
    "ethers": "^6.16.0"
  }
}
Confidence
87% confidence
Finding
"ethers": "^6.16.0"

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
deploy-nft.js:22