Binance Web3

Security checks across malware telemetry and agentic risk

Overview

This is a read-only Binance/Web3 market data skill; it has disclosure gaps around extra helper scripts and wallet-address queries, but the behavior is purpose-aligned and not destructive.

Install only if you are comfortable sending token symbols, contract addresses, chain IDs, and any wallet addresses you query to the listed Web3 data providers. Review the unhighlighted helper scripts before use, note the possible proxy behavior in market-rank.sh, and make sure bash, curl, and jq are available.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (3)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 88% confidence
Finding: The skill advertises shell scripts in SKILL.md but does not declare corresponding permissions, which creates a transparency and policy-enforcement gap. Undeclared shell capability can let a skill execute commands or access networked resources in ways users and the platform may not expect, increasing the chance of abuse or unsafe execution.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 81% confidence
Finding: The documented purpose says the skill queries Binance Web3 data, but the behavior reportedly includes additional capabilities and at least one third-party endpoint not clearly disclosed. This mismatch is dangerous because users and reviewers may trust the skill under narrower assumptions while it collects extra data or sends requests to external services with different trust, privacy, and integrity properties.

Missing User Warnings

Low

Confidence: 84% confidence
Finding: The script transmits a user-supplied wallet address and chain ID to a third-party Binance endpoint without any notice, consent flow, or privacy disclosure. While blockchain addresses are often public, associating a user-provided address with a request can still create privacy and tracking risks, especially in an agent context where users may not expect external sharing.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal