Crypto Holdings Monitor

Security checks across malware telemetry and agentic risk

Overview

This is a basic local crypto address list and price checker, with privacy and accuracy caveats but no evidence of theft, destructive behavior, hidden install actions, or wallet-address exfiltration.

Install only if you are comfortable saving public wallet addresses locally in ~/.crypto-portfolio.json and making price lookups to CoinGecko. Treat this as a simple address notebook and price checker, not a full holdings monitor, profit calculator, or automated reporting tool.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (4)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 81% confidence
Finding: The skill advertises commands that read and write local data and perform network-based price lookups, but the manifest declares no permissions or data-handling notice. This creates a transparency and consent problem: users may invoke a crypto-related skill without realizing it persists wallet addresses locally and contacts external services, exposing sensitive financial metadata.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 89% confidence
Finding: The documented behavior claims portfolio monitoring and holdings statistics, but the analysis indicates it does not actually query on-chain balances and instead persists wallet addresses locally without disclosing that storage behavior. This mismatch is dangerous because users may trust the output as accurate financial monitoring while unknowingly exposing wallet data to local persistence or external lookups.

Vague Triggers

Medium

Confidence: 84% confidence
Finding: Broad crypto-related triggers can cause the skill to activate during ordinary discussion about cryptocurrency, increasing the chance of unintended execution. In a finance context, accidental activation can lead to unnecessary collection, storage, or transmission of wallet-related data without clear user intent.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill description does not warn users that wallet addresses and holdings-related data may be sent to external services for price or portfolio lookups. Wallet addresses are sensitive financial identifiers, and undisclosed sharing can expose user holdings patterns, address clustering, and privacy-sensitive behavior.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal