Back to skill

Security audit

Near Name Service

Security checks across malware telemetry and agentic risk

Overview

This skill mostly matches its NEAR name-management purpose, but its registration script can execute unintended local shell commands from crafted input and can submit paid blockchain actions with limited warning.

Review before installing. Use only trusted name and account inputs, avoid running registration with a funded NEAR account until the script validates inputs and replaces shell-string exec with safe argument passing, and treat register as a real transaction that may spend NEAR and be hard to reverse.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Tp4

High
Category
MCP Tool Poisoning
Confidence
76% confidence
Finding
The documented behavior presents the skill as simple domain management, but the underlying implementation reportedly invokes external NEAR CLI commands and blockchain transactions. That mismatch is dangerous because users may authorize or run the skill without realizing it can trigger account/contract interactions and paid on-chain actions, increasing the risk of unintended transactions or trust misuse.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The register command performs a paid, state-changing blockchain operation, but the documentation does not place a prominent warning at the command definition that executing it may spend funds and create an on-chain registration. In this context, that omission is more dangerous because the skill is explicitly aimed at domain management, where users may treat commands as harmless lookups unless cost and irreversibility are made explicit.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The registration command is built as a single shell string using untrusted values from command-line arguments and environment variables, then passed to exec(). An attacker controlling name or accountId can inject shell metacharacters and execute arbitrary commands on the host, which is especially dangerous because this skill is intended to perform real blockchain registration actions and may run in developer environments with credentials present.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.