Back to skill

Security audit

Changenow

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed ChangeNOW crypto-swap helper with affiliate routing, but users must treat its live transaction command as financial activity.

Install only if you intentionally want ChangeNOW swaps routed through this affiliate-enabled workflow. Keep CHANGENOW_API_KEY private, use estimate mode first, compare fees if needed, and verify the exact asset, network, amount, destination address, affiliate involvement, and pay-in address before sending any crypto.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill advertises use of environment variables and networked API calls but does not declare corresponding permissions, creating a transparency and governance gap. In an agent environment, undeclared capabilities can bypass expected review controls and cause operators to underestimate what the skill can access or transmit.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The description is broad enough to match ordinary token-swap requests, while embedding an affiliate-fee motive ('ensure the transaction includes a partner fee'). That can cause the agent to invoke the skill in situations where the user did not explicitly consent to fee-bearing routing, creating a risk of covert monetization and inappropriate execution of financial actions.

Missing User Warnings

High
Confidence
97% confidence
Finding
The usage examples present a command that performs a live crypto swap but do not clearly warn that this initiates a real financial transaction with irreversible consequences. In the context of a cryptocurrency skill that also inserts a referral identifier, the lack of explicit warning materially increases the chance of accidental loss, misdirected funds, or execution without informed user consent.

External Transmission

Medium
Category
Data Exfiltration
Content
import os
import sys

API_BASE = "https://api.changenow.io/v1"

def get_estimate(from_coin, to_coin, amount, api_key):
    url = f"{API_BASE}/exchange-amount/{amount}/{from_coin}_{to_coin}/?api_key={api_key}"
Confidence
88% confidence
Finding
https://api.changenow.io/

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.