Back to skill

Security audit

Rugpull

Security checks across malware telemetry and agentic risk

Overview

This skill claims to analyze blockchain rugpull risk, but the supplied artifacts show a local note/config store with persistent writes, export, and deletion behavior instead.

Review this before installing. It does not appear to send data over the network or run a hidden installer, but it also does not appear to do the rugpull analysis it advertises. Treat it as a local note/config tool that stores entries on disk, can export them, and can delete them without recovery; avoid entering sensitive wallet, incident, credential, or investigation details unless you are comfortable with that local persistence.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The manifest claims a blockchain rugpull analysis skill, but the body describes a generic CRUD-style local store. In agent ecosystems, security and routing decisions often rely on metadata, so deceptive or inaccurate manifest semantics can cause unsafe delegation to a tool with materially different side effects than expected.

Intent-Code Divergence

High
Confidence
95% confidence
Finding
The title and description promise rugpull/security analysis, while the command set is unrelated entry management. This inconsistency is dangerous because a user or autonomous agent may trust the branding and run commands that mutate or export local data without realizing the skill is not performing the advertised analytical task.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The help text advertises a rugpull/security analysis skill, but the implemented behavior is a generic local note database with add/list/search/remove/export features. This mismatch is dangerous because users may grant trust, provide sensitive investigation data, or invoke the skill in security workflows under false assumptions about what it actually does.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The script silently creates a persistent data directory and appends user-supplied content to disk, behavior not implied by an analysis-focused security skill. Hidden storage and export capabilities increase the chance that sensitive prompts, notes, or investigation artifacts are retained locally and later exposed or mishandled.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The config command adds arbitrary configuration storage and in-place modification even though the skill claims to perform rugpull/security analysis. Unjustified stateful configuration broadens the attack surface and further indicates capability creep inconsistent with the declared purpose, making the tool harder to trust and review.

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The top-level documentation explicitly claims rugpull/security analysis functionality that the code does not implement. In a security context, deceptive or inaccurate capability claims are especially dangerous because they can mislead operators, distort risk assessments, and cause sensitive data to be handled by an unvetted utility.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The documentation includes destructive and data-affecting operations like remove, export, and config changes without any warnings, confirmation requirements, or explanation of their side effects. In an agent-driven environment, that omission can lead to accidental deletion, persistence of sensitive data, or exfiltration to files through routine invocation.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
User-provided entries are persisted to ~/.rugpull/data.jsonl without any warning, consent flow, retention policy, or sensitivity notice. In the context of a purported security-analysis skill, users may enter wallet addresses, incident notes, credentials, or investigative data, so undisclosed persistence materially raises confidentiality and privacy risk.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The remove command permanently deletes a selected line from the data file with no confirmation, backup, or undo. While not a code-execution issue, it creates avoidable integrity risk and can cause loss of potentially important investigation records entered into the tool.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.