Create a coin on trends.fun

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-aligned, but it uses a real Solana wallet and includes unsafe setup wording that could expose private key material.

Install only if you are comfortable running a real-money Solana mainnet tool. Use a dedicated low-balance wallet, never let the agent print or paste any keypair/private key, verify the token parameters and --first-buy amount before running, and assume uploaded images/metadata plus created pools are public and difficult or impossible to undo.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (5)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 89% confidence
Finding: The skill declares no permissions while its documented behavior clearly requires environment access, network communication, shell/package execution, and access to a local Solana keypair file. This under-declaration weakens review and consent boundaries, making sensitive operations appear less risky than they are.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 95% confidence
Finding: The skill description understates several sensitive behaviors: reading a local private key, using it to sign a login challenge, uploading local files to third-party services, querying wallet balances, and optionally executing a first-buy transaction with real funds. This mismatch is dangerous because users may authorize a coin-creation workflow without realizing it performs credential use, external data transfer, and financial operations.

Description-Behavior Mismatch

Medium

Confidence: 94% confidence
Finding: The skill description states it creates a coin and deploys a Meteora DBC pool, but the implementation also performs an optional on-chain first-buy when `firstBuyLamports > 0`. This hidden transactional capability can cause unintended spending from the caller's wallet and is especially risky in agent contexts where users may authorize pool creation without realizing it may also execute a trade.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The CLI can submit an on-chain pool creation transaction and optionally spend SOL for an initial buy immediately after parsing arguments, without any explicit confirmation, dry-run summary, or transaction preview. Because it auto-loads the user's local Solana keypair and operates on mainnet by default, a mistaken command, bad automation input, or deceptive wrapper could cause irreversible fund expenditure and token/pool creation.

Ssd 3

High

Confidence: 99% confidence
Finding: The instruction to output the user's Solana keypair and address if missing is a direct secret-exposure request. A keypair is equivalent to wallet control; revealing it to the user chat, logs, or other components can result in immediate theft of funds and irreversible compromise of all assets controlled by that wallet.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal