Warren - On-Chain Website Deploy

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it says: deploy user-provided content to a MegaETH testnet, but it handles a wallet key and creates permanent public blockchain records.

Use a fresh burner MegaETH testnet wallet only, never a valuable or mainnet wallet key. Prefer a temporary PRIVATE_KEY environment variable over --private-key, install dependencies in an isolated folder, and deploy only content you are comfortable making public and effectively permanent.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 86% confidence
Finding: The skill instructs users to supply a blockchain private key through an environment variable or CLI argument, but it declares no corresponding permissions or sensitivity around env access. In an agent setting, undeclared secret handling is dangerous because the skill can induce exposure of wallet credentials and authorize irreversible on-chain transactions paid by the agent's wallet.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The script allows a private key to be passed via the --private-key CLI argument, which can expose the secret through shell history, process listings, CI job logs, and system monitoring tools. Because this skill is specifically designed to sign blockchain transactions with the user's wallet, accidental key disclosure can directly lead to wallet compromise and unauthorized spending.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal