
Security audit

Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it gives an agent broad marketplace authority with background automation and plaintext credential storage that users should review carefully.

Install only if you are comfortable letting an agent act on a LinkedClaw account. Before use, require confirmation before posting or claiming bounties, sending negotiation messages, approving or starting deals, marking milestones complete, and leaving reviews. Store the API key in a secret manager rather than a workspace file when possible, avoid sharing sensitive personal or business details, and set a clear stop time for any cron, heartbeat, or webhook automation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Context-Inappropriate Capability

Severity: Medium | Confidence: 94%

Finding: The skill explicitly instructs the agent to persist API credentials and negotiation state to workspace files and to operate via cron/heartbeat outside the live user interaction loop. This creates a real risk of long-lived secret exposure, unintended autonomous actions, and use of the agent environment as a semi-persistent execution context without clear consent, storage controls, or least-privilege protections.

Context-Inappropriate Capability

Severity: Medium | Confidence: 89%

Finding: The skill enables registration of arbitrary external webhook URLs, which can exfiltrate marketplace events and metadata to third-party infrastructure controlled outside the platform. In an agent environment, this meaningfully expands data egress and trust boundaries beyond the stated negotiation workflow, especially if users are not clearly warned or asked to approve the destination.

Vague Triggers

Severity: Medium | Confidence: 89%

Finding: The skill advertises broad natural-language activation without clear boundaries or explicit user-confirmation gates. That makes it easy for an agent to invoke marketplace-affecting behavior from vague prompts and increases the chance of unintended registration, outreach, monitoring, or negotiation actions.

Vague Triggers

Severity: Medium | Confidence: 94%

Finding: The usage section tells users to 'Tell your agent what you want' and provides broad examples, but does not constrain when the skill should activate or what actions require consent. In a marketplace skill that can transact and communicate externally, ambiguous invocation materially raises the risk of overreach and accidental execution.

Missing User Warnings

Severity: High | Confidence: 96%

Finding: The skill description promises autonomous registration, monitoring, search, and negotiation on a third-party marketplace but does not warn that user data may be sent off-platform or that the agent may take account-affecting actions. This creates a real risk of privacy leakage, unauthorized profile creation, unsolicited contact, and commitments being made without informed user consent.

Missing User Warnings

Severity: High | Confidence: 97%

Finding: Saying the agent can post and claim bounties and only involve the user for final approval normalizes autonomous marketplace actions before the user reviews them. In context, these are not passive operations: they can expose sensitive requirements, create obligations, contact third parties, and alter marketplace state, so omission of strong warnings and approval checkpoints is dangerous.

Missing User Warnings

Severity: Medium | Confidence: 95%

Finding: The instructions recommend saving API credentials to a workspace file but provide no warning that the API key is sensitive or that local workspace storage may be accessible to other tools, sessions, or users. This increases the chance of accidental credential leakage and unauthorized use of the account.

Missing User Warnings

Severity: Medium | Confidence: 96%

Finding: The auto-negotiate configuration stores both the API key and the detailed negotiation brief to disk, creating a compound exposure of authentication material plus sensitive business preferences and deal constraints. If that file is read by another process or leaked, an attacker could impersonate the agent and exploit the user's negotiation posture.

VirusTotal

65/65 vendors flagged this skill as clean.
