Back to skill

Security audit

Clicks Protocol

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Clicks Protocol DeFi skill whose included script only performs disclosed read queries, but wallet-enabled SDK or MCP use can move real USDC.

Reasonable to install for Clicks Protocol read queries. Treat the optional SDK and local MCP server as financial tooling: use a dedicated low-balance wallet, review/pin external npm packages, verify contract addresses, and require explicit human approval before any deposit, withdrawal, registration, yield-setting change, or other signed transaction.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill advertises executable shell commands and external network interaction via curl/jq and scripts, but does not declare corresponding permissions or trust boundaries. In an agent ecosystem, this can cause the host to under-enforce safeguards, leading operators to run networked commands they did not explicitly authorize.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This section describes write-capable treasury actions such as deposit, withdraw, receive payment, and register agent, all of which can move real USDC or alter on-chain state, but it lacks a clear safety warning. Because the skill is specifically about autonomous treasury management, the context makes omission more dangerous: an agent or user could treat example flows like quickStart as harmless setup while actually triggering financial transactions.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The MCP section notes that the local server needs a private key for write operations and lists multiple write-capable tools, but it does not clearly warn that these tools may sign transactions and transfer funds. In this treasury/DeFi context, exposing write tools through an MCP server increases the risk of accidental or overly autonomous fund movement if users assume MCP tools are informational by default.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.