Security audit

Solana Intelligence Solana智能分析

Security checks across malware telemetry and agentic risk

Overview

This Solana analysis skill is mostly purpose-aligned, but it needs Review because it includes an under-disclosed paid-verification script that sends wallet identifiers to an external service and exposes a payment API key.

Install only if you are comfortable with a paid Solana market-analysis skill that may use external data sources and a SkillPay verification flow. Do not provide wallet addresses unless you accept that they may be sent to SkillPay, and treat all token and launchpad recommendations as speculative research rather than financial advice.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (8)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 85% confidence
Finding: The skill advertises only analysis/documentation behavior, yet the file content references executable scripts and external data sources that imply network access and possible file operations without declaring permissions. Undeclared capabilities reduce transparency and prevent proper sandboxing or user consent, which is risky in an agent skill that may fetch external data or write outputs.

Context-Inappropriate Capability

Low

Confidence: 97% confidence
Finding: The environment variable check allows payment verification to be bypassed entirely when `SKILLPAY_SKIP_VERIFICATION=true`. If an attacker or misconfigured deployment can influence environment variables, they can obtain unauthorized access to paid functionality without completing payment.

Vague Triggers

Medium

Confidence: 79% confidence
Finding: The trigger description is broad enough to activate on generic market-intelligence or investment-advice requests, not just narrow Solana analysis tasks. Overbroad routing can invoke the wrong skill, causing unnecessary exposure to external tools, lower-quality answers, or unsolicited financial guidance in contexts where the user did not specifically request this capability.

Vague Triggers

Medium

Confidence: 76% confidence
Finding: The example phrase about 'new Solana projects worth watching' is vague enough to overlap with generic investment-idea requests and can steer the skill toward promotional or advisory behavior. In a financial context, ambiguous triggers are more dangerous because they can cause the agent to provide high-risk opportunity recommendations without clear user intent or sufficient guardrails.

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The manifest describes a very broad crypto-analysis skill that can trigger on ecosystem analysis, opportunity discovery, trend tracking, monitoring, and investment advice without clear activation boundaries. In a high-risk financial context, this ambiguity can cause over-invocation, unintended access to web/data capabilities, and unscoped advisory behavior, increasing the chance of unsafe financial guidance or misuse.

Missing User Warnings

High

Confidence: 99% confidence
Finding: A hardcoded SkillPay API key in source code is a credential exposure vulnerability. Anyone with access to the codebase, logs, backups, or redistributed package can reuse the secret to query or abuse the payment API, potentially impersonating the service or extracting payment-related data.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The code transmits `user_address` and a timestamp to an external API without any explicit disclosure, consent flow, or minimization controls. This creates a privacy and data-governance risk because wallet addresses are persistent identifiers that can be linked to user activity and payment status.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The file provides concrete speculative trading strategies for newly launched meme tokens and pre-graduation positioning, but it does not place a clear, prominent warning near those tactics about extreme volatility, illiquidity, manipulation, scams, and total-loss risk. In this skill context, the content is more dangerous because the skill explicitly offers Solana opportunity detection and investment suggestions, making it likely users will treat the guidance as actionable trading advice rather than general education.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal