RugCheck

Security checks across malware telemetry and agentic risk

Overview

This skill is a read-only Solana token risk checker that contacts RugCheck and does not show hidden data access or account-changing behavior.

Before installing, understand that using this skill sends public Solana mint addresses or token-discovery requests to RugCheck. Use the results as one risk signal, not financial advice, and verify token addresses before querying.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 83% confidence
Finding: The trigger language is broad enough to activate on generic token-discovery or token-safety requests, which can cause the agent to invoke this skill unexpectedly. In context, that can expose users to unnecessary external API calls, over-trust of a third-party scoring source, or shell-backed execution paths when the user did not clearly request this specific tool.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal