Tp4
High
- Category
- MCP Tool Poisoning
- Confidence
- 76% confidence
- Finding
- The documented behavior presents the skill as simple domain management, but the underlying implementation reportedly invokes external NEAR CLI commands and blockchain transactions. That mismatch is dangerous because users may authorize or run the skill without realizing it can trigger account/contract interactions and paid on-chain actions, increasing the risk of unintended transactions or trust misuse.
