Arcadia Finance

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Arcadia DeFi transaction helper, but users must carefully review any wallet transaction before signing.

Install only if you trust the Arcadia endpoint and publisher. Use the default official URL unless intentionally testing another server, never provide seed phrases or private keys, and independently inspect every wallet prompt for chain, recipient contract, token, amount, approval scope, and leverage or automation effects before signing.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 88% confidence
Finding: The skill advertises shell-based execution via a local script (`arcadia.sh`) and depends on `curl`/`jq`, but it declares no permissions or trust boundaries. That makes the skill harder to sandbox and review, and can mislead operators into treating it as lower risk than it is. In this context, the shell capability is especially relevant because the skill also makes network calls and handles transaction-building for financial operations.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 96% confidence
Finding: The skill is presented as a narrowly scoped DeFi liquidity manager, but the behavior described by the finding indicates it is actually a generic remote MCP client that can enumerate and invoke arbitrary server-provided tools. Because financial write operations return unsigned transactions for later signing, a generic remote wrapper without code-level allowlisting creates a serious trust gap: a compromised or changed backend could expose unexpected tools or craft malicious transaction payloads outside the stated Uniswap/Aerodrome/Base/Optimism scope.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal