Back to skill

Security audit

BORT Agent (BAP-578)

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed helper for contacting BORT agent runtimes and reading public BNB Chain agent data, with the main risk being that messages go to whatever runtime URL the user configures.

Install only if you intend to interact with BORT agents. Before sending messages, verify BORT_RUNTIME_URL and BNB_RPC_URL, avoid sending secrets or sensitive personal information to untrusted runtimes, and treat agent responses as untrusted external content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
86% confidence
Finding
The skill clearly instructs the agent to invoke local shell scripts, but it does not declare corresponding permissions or constraints. That mismatch can cause the host agent to execute commands without transparent user consent, review, or sandbox expectations, increasing the risk of unintended command execution and unsafe external interactions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation explicitly states that webhook events may be sent with an optional HMAC-SHA256 signature, which permits unauthenticated webhook intake if implemented as described. In a system that routes inbound events to autonomous AI agents and records on-chain activity, accepting unsigned webhooks can allow spoofed events, message injection, and abuse of agent workflows or downstream automations.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.