Back to skill

Security audit

Blinko

Security checks across malware telemetry and agentic risk

Overview

This skill appears transparent about playing Blinko with a wallet, but it asks for hot-wallet authority that can spend real funds and is not tightly scoped enough for automatic agent use.

Install only with a dedicated low-balance wallet, never a primary wallet. Review the exact commands before running, confirm transaction amounts and destination contracts, and avoid using this in autonomous mode unless you add strict confirmations and spending limits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
98% confidence
Finding
The skill clearly uses sensitive capabilities: it reads a private key from environment variables and performs authenticated network interactions with a blockchain RPC and a third-party API, yet no explicit permissions are declared. This creates a transparency and governance gap: an agent platform or reviewer may underestimate the skill's authority, even though it can spend real funds and exfiltrate signed outputs to external services.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The ABI exposed to the skill includes generic fund-management operations such as deposit, depositETH, depositWithPermit2, withdraw, withdrawETH, and balanceOf that go beyond the stated purpose of merely playing or viewing Blinko games. In an agent setting, exposing these methods increases the attack surface and can let prompts or tool misuse steer the agent into moving escrowed assets or draining balances if the surrounding code does not strictly constrain which methods may be called.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The ABI includes privileged administrative capabilities such as initialize, transferOwnership, acceptOwnership, renounceOwnership, proxiableUUID, and upgradeToAndCall, which are unrelated to the advertised game-playing functionality. In an autonomous-agent context, exposing ownership and upgrade primitives is especially dangerous because any prompt injection, tool confusion, or misconfiguration could cause catastrophic administrative actions, including handing control to another address or upgrading to malicious logic.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script authenticates to a third-party service by signing a wallet-controlled message and then uses the returned bearer token to perform game actions tied to the wallet identity, but it provides no explicit user consent or warning about transmitting wallet-linked data to an external gambling API. In an agent setting, this is more dangerous because an autonomous system may sign and act on behalf of the wallet owner without understanding that identity, activity, and gambling behavior are being shared with and controlled by an off-chain service.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.