DeFi Yield Hunter

Security checks across malware telemetry and agentic risk

Overview

This skill only contains a short description, but it advertises automated DeFi portfolio actions without clear limits or confirmation safeguards.

Install only if you can keep the skill informational or enforce strict wallet controls. Use read-only access where possible, never share seed phrases or private keys, use a low-value separate wallet, and require explicit approval for every trade, rebalance, staking, liquidity deposit, withdrawal, or compounding action.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly advertises automated DeFi portfolio management, auto-compounding, and rebalancing across multiple chains, which implies the ability to affect user funds without any visible warning, consent boundary, or risk disclosure. In a financial context, especially DeFi where smart contract risk, bridge risk, slippage, and irreversible loss are common, omitting those safeguards materially increases the chance of harmful or overly autonomous fund-moving behavior.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal