DeFi Liquidity Optimizer

Security checks across malware telemetry and agentic risk

Overview

This is a local mock-data DeFi analysis helper with reliability flaws, but it does not access wallets, credentials, networks, or execute trades.

Safe to inspect or run as a local demonstration, but do not rely on its DeFi recommendations for real allocation decisions unless the IL calculation and TVL display bug are fixed and mock data is replaced with verified live market data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium
Confidence: 98%
Finding
The impermanent loss function is mathematically incorrect for standard AMM/CLMM IL and returns positive values for upward price moves (for example, sqrt(2)-1), which contradicts the notion of loss. In a DeFi optimizer context, this can materially misstate downside risk, mislead users into unsafe liquidity decisions, and distort downstream rebalancing recommendations.

Intent-Code Divergence

Low
Confidence: 95%
Finding
The report prints 24h volume under a TVL label, which misrepresents the pool's safety-related metric and can cause users to overestimate pool stability or trustworthiness. In this skill, TVL is explicitly used as a safety signal, so mislabeled output undermines the reliability of the risk report even though it does not directly execute harmful actions.

VirusTotal

65/65 vendors flagged this skill as clean.
