Back to skill

Security audit

Crypto Defi

Security checks across malware telemetry and agentic risk

Overview

This skill is advertised as a DeFi yield calculator, but its artifacts mainly implement a local plaintext crypto portfolio and activity logbook.

Install only if you want a local plaintext crypto notes/logbook, not a yield calculator. Avoid entering seed phrases, private keys, exact holdings, wallet addresses, or confidential trading strategy unless you are comfortable with that data remaining searchable under ~/.local/share/crypto-defi.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The manifest says this is a DeFi yield calculator, while the body describes a multi-command crypto logging toolkit with persistent storage and operational commands unrelated to calculation. Such scope deception can cause downstream systems, users, or policy checks to approve the skill for a low-risk analytical purpose when it actually performs broader data handling, increasing the chance of unauthorized retention of sensitive investment information.

Intent-Code Divergence

High
Confidence
96% confidence
Finding
The front matter promises calculation functionality, but the documentation immediately pivots to tracking, logging, and portfolio-record management. This inconsistency undermines informed consent and security review because the effective behavior involves storing and organizing potentially sensitive crypto activity rather than merely computing values transiently.

Context-Inappropriate Capability

Medium
Confidence
87% confidence
Finding
Whale-watch, portfolio/history logging, and broad observation recording are outside the justified scope of a simple DeFi yield calculator and expand the data collected about a user's trading behavior and holdings. In this context, the extra capabilities make the skill more dangerous because users seeking calculations may unknowingly create durable records of sensitive financial activity that can later be exposed via local access, search, or export.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The implementation does not match the declared purpose of a DeFi yield calculator and instead provides a broad persistent crypto logging CLI. This capability mismatch is dangerous because users may grant trust or provide sensitive portfolio, watchlist, and transaction-related data under false expectations, increasing the chance of inappropriate data collection and misuse.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The script exposes portfolio, watchlist, alert, whale-watch, and history collection features that are unrelated to the claimed calculator use case. In this context, unnecessary features expand the data collection surface and can capture sensitive financial interests and activity patterns without clear justification, making the skill more dangerous than its description suggests.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
User-provided content is written to persistent log files without any upfront warning in the comments or help output. In a finance-themed skill, users may enter wallet details, holdings, strategy notes, or other sensitive information, so silent persistence materially increases privacy and data-handling risk.

Ssd 3

Medium
Confidence
96% confidence
Finding
The script persistently records arbitrary user inputs and later reveals them through status, recent, search, and export workflows, all in plaintext under the user's home directory. Because the skill is presented as a DeFi calculator, users may input highly sensitive financial data, and the combination of silent storage plus easy retrieval/export substantially increases exposure risk.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.