Silverback Defi

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed DeFi API helper that can trigger small USDC payments when used with an x402 wallet, but its financial behavior is stated and purpose-aligned.

Install only if you are comfortable with DeFi tooling and x402 wallet payments. Use a limited-balance wallet, confirm each 402 charge amount before payment, never provide seed phrases or private keys, and independently verify any Permit2 or swap signing request. Treat the optional MCP npm package as separate executable software and review it before installing globally.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill prominently advertises paid x402 endpoints, but the top-level skill metadata/description does not clearly warn that invoking many actions can trigger wallet-based USDC micropayments. In an agent ecosystem, inadequate disclosure can cause users or orchestrators to invoke the skill without informed consent, leading to unintended financial charges.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal