Security audit

Fear Greed Index

Security checks across malware telemetry and agentic risk

Overview

This skill fetches the stated crypto sentiment data, but running it can automatically charge a SkillPay account before the data is returned.

Install only if you intend every script run to be billable through SkillPay.me. Use a narrowly scoped SkillPay key if available, do not run it automatically without user approval, and expect a charge attempt before the market-data fetch completes.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration

Findings (6)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 87% confidence
Finding: The skill advertises executable commands that fetch remote data and likely use environment variables or runtime configuration, yet it declares no permissions for network or environment access. This creates a transparency and governance gap: users and platforms cannot accurately assess what resources the skill will access, and undeclared capabilities can hide data exposure or outbound requests.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 93% confidence
Finding: The skill description frames the capability as a simple market sentiment reporter, but the behavior includes charging users through an external billing service, requiring user billing identifiers/API keys, and providing additional data retrieval not clearly disclosed in the primary description. This mismatch undermines informed consent and can lead users to expose sensitive identifiers or incur charges they did not reasonably expect.

Description-Behavior Mismatch

Medium

Confidence: 96% confidence
Finding: The script performs mandatory third-party billing before providing the advertised market sentiment data, but the skill description does not disclose this monetization behavior. Hidden charging logic is security-relevant because it can cause unexpected financial impact and undermines informed user consent, especially when tied to a required command-line argument and external payment API.

Context-Inappropriate Capability

Medium

Confidence: 90% confidence
Finding: For a simple sentiment-reporting skill, introducing billing credentials and payment processing expands the trust boundary unnecessarily and creates exposure around secret handling. Even though the code only reads one expected environment variable, it still enables use of privileged payment credentials in a context not disclosed by the skill's stated purpose.

Description-Behavior Mismatch

High

Confidence: 98% confidence
Finding: The skill performs a billing action through SkillPay before delivering a simple market-sentiment report, but the manifest description does not disclose that the skill charges money. For an informational skill, undisclosed charging is a real security and trust issue because users or hosting agents may invoke it expecting a free data fetch and instead trigger financial loss.

Context-Inappropriate Capability

Medium

Confidence: 89% confidence
Finding: The code retrieves a payment API key from the environment for a sentiment-reporting skill, meaning the skill can access privileged billing credentials at runtime. In this context, that is more dangerous because the core task does not inherently require broad access to secrets, and compromise or misuse could enable unauthorized charges or abuse of the payment account.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal