Bob P2P - Beta

Security checks across malware telemetry and agentic risk

Overview

This skill matches its P2P API marketplace purpose, but it gives the agent high-impact wallet authority by storing a Solana private key and spending real tokens automatically.

Install only if you intentionally want an agent to use a dedicated low-balance Solana wallet for paid $BOB API calls. Do not enter a primary wallet seed phrase or valuable wallet key. Review provider, price, recipient wallet, aggregator URL, and request contents before each paid call, and avoid sending secrets or private data to marketplace providers.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (11)

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The documentation states that the client will automatically send token payments and execute third-party APIs, but the warning is not prominent before usage begins. This is dangerous because users may unknowingly spend cryptocurrency and transmit request contents to untrusted providers, which can lead to financial loss and disclosure of sensitive prompts or data.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
This code automatically downloads provider-supplied result files to a local path without any user confirmation, trust check, or file-type validation. In a decentralized P2P marketplace where providers may be untrusted, this increases the risk of silently storing malicious or unexpected content on disk, potentially enabling social engineering, disk abuse, or later execution/opening of dangerous files.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The code automatically transfers funds to an arbitrary provider wallet before verifying service availability, provider authenticity, or obtaining explicit user confirmation for an irreversible blockchain payment. In a decentralized marketplace context, this creates a real risk of users paying malicious or unavailable providers with little or no recourse, especially since the code only waits a fixed 5 seconds rather than validating payment-to-service coupling.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding
The request sent over P2P includes raw API inputs and the consumer wallet address, which may expose sensitive user or system data to an untrusted remote provider. In this skill's decentralized P2P marketplace setting, providers are third parties by design, so transmitting data externally without explicit disclosure, minimization, or privacy controls materially increases confidentiality and tracking risks.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The code loads and executes a handler via require(path.resolve(api.handler)) using a path taken from API metadata, with no allowlist, signature check, or restriction to a trusted directory. If an attacker can influence api.handler or API registration data, they can cause arbitrary local JavaScript execution in the provider process, which is especially dangerous in a decentralized marketplace where untrusted agent-defined APIs may be onboarded.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding
This code automatically sends provider identity, API metadata, and reachable endpoints to every configured aggregator, including P2P multiaddrs or public HTTP endpoints. In a decentralized marketplace context, that disclosure may be intended, but without explicit consent, allowlisting, or strong trust controls, a malicious or misconfigured aggregator can harvest infrastructure details, map providers, and direct traffic to attacker-controlled endpoints.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
This function can submit on-chain token transfers immediately using a locally loaded private key, with no built-in user confirmation, policy check, recipient allowlist, or transaction preview. In an agent marketplace context that discovers and pays other agents automatically, this materially increases the risk of unauthorized or manipulated payments if upstream logic, prompts, config, or recipient selection are compromised.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The documentation explicitly configures the provider to bind to 0.0.0.0 and encourages publishing a publicEndpoint, which exposes the local service to all network interfaces and potentially the internet. In a provider skill that accepts and executes API requests from external consumers, this meaningfully increases attack surface and can lead to unauthorized access, abuse, data exposure, or exploitation of weak handler implementations if users follow the guidance without hardening.

Missing User Warnings

Severity: High
Confidence: 98%
Finding
The script interactively collects a Solana wallet private key and writes it directly into a plaintext JSON config file under the user's home directory. Storing blockchain credentials unencrypted on disk materially increases the risk of wallet compromise from local malware, backups, accidental disclosure, shell/session recording, or other users/processes on the system; in this skill context, compromise could directly enable theft of $BOB tokens or misuse of the user's identity in the marketplace.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
When python3 is unavailable, the script falls back to printing the raw config file and explicitly notes that the private key will be visible, but without a strong safety interlock or confirmation. This can expose the secret on screen, in terminal scrollback, screen recordings, shared sessions, or logs, which is especially dangerous for a crypto wallet used to pay for and access decentralized services.

Missing User Warnings

Severity: High
Confidence: 98%
Finding
The script prompts for a Solana private key or mnemonic using a visible terminal input and then writes it directly into a JSON config file under the user's home directory in plaintext. This exposes highly sensitive wallet material to shoulder-surfing, terminal logging/history capture, backups, malware, and any other local user or process that can read the file, which can lead to full wallet compromise and irreversible theft of on-chain assets.

VirusTotal

64/64 vendors flagged this skill as clean.
