Back to skill

Security audit

zapper-api

Security checks across malware telemetry and agentic risk

Overview

This is a read-only Zapper lookup skill that uses a Zapper API key and sends wallet queries to Zapper as expected for its purpose.

Install only if you are comfortable using a Zapper API key and sending queried wallet addresses, portfolio requests, NFT requests, and transaction-history requests to Zapper. Keep ~/.config/zapper/addresses.json private, use wallet labels carefully, and avoid querying addresses you do not want associated with your Zapper API usage or local agent session.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill declares it requires an environment variable and clearly depends on outbound API access, but it does not declare corresponding permissions. Hidden or undeclared access to secrets and the network reduces transparency and can cause the agent to send sensitive wallet-related data to external services without explicit permission gating or user awareness.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The `config` subcommand exposes local configuration details, including wallet labels and partially masked wallet addresses, that are not necessary for the core remote-query functionality. In an agent setting, this expands the skill from external Zapper lookups into local environment inspection, enabling unintended disclosure of user-associated wallet metadata to the model or downstream consumers.

Vague Triggers

Medium
Confidence
79% confidence
Finding
The activation wording is broad enough to trigger on many common wallet, balance, NFT, price, or transaction questions, which can cause over-invocation of a third-party-integrated skill. In context, that increases the chance that user wallet addresses or financial interest data are sent externally when the user may have expected a local answer or a narrower tool.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation describes wallet, NFT, portfolio, and transaction lookups but does not clearly warn that supplied wallet addresses and related query data will be transmitted to Zapper's external API. Even though blockchain addresses are public on-chain, sending them to a third party can still expose user interests, link identities across wallets, and create privacy risks through aggregation and logging.

Missing User Warnings

Low
Confidence
95% confidence
Finding
The examples encourage sending wallet addresses and associated portfolio or NFT data to Zapper's public third-party API without any privacy notice or consent guidance. While wallet addresses are public on-chain, querying them through a third party can disclose user interests and link addresses to a user session or identity, creating avoidable privacy leakage.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill sends wallet addresses and related portfolio, NFT, and transaction-history queries to Zapper's third-party API without any explicit warning or consent mechanism. While this is core to the skill's purpose, wallet addresses and financial activity are sensitive metadata, and silent transmission can violate user expectations or privacy requirements in an agent environment.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.