
Security audit

Adam's Bounty Hunter副业系统 (副业系统: "side-hustle system")

Security checks across malware telemetry and agentic risk

Overview

This skill is only a markdown instruction file, but it exposes live-looking secrets and asks an agent to autonomously handle trading, publishing, and personal finance decisions.

Review carefully before installing. Rotate or revoke the exposed keys, remove wallet backup paths and secrets from the skill text, and only use this skill with explicit approval gates for trading, publishing, marketplace actions, and any access to personal financial data.

SkillSpector

By NVIDIA
Vulnerability patterns checked
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Severity: High
Confidence: 94%
Finding
The skill grants broad autonomous authority over trading and personal-finance actions under a vague 'side-hustle autopilot' scope, without narrow task boundaries, approval gates, or safety constraints. In this context, an agent could make high-risk financial decisions, move money, or act on behalf of the user in ways that cause substantial financial loss or violate user intent.

Context-Inappropriate Capability

Severity: Medium
Confidence: 86%
Finding
Authorizing the agent to publish skill packages extends its power from assisting with business operations into releasing software artifacts, which is a distinct and potentially dangerous capability. A compromised or misaligned agent could publish unauthorized, harmful, or secret-bearing packages, creating supply-chain and reputational risk.

Intent-Code Divergence

Severity: Medium
Confidence: 89%
Finding
The document gives the AI 'full authority' over trading and financial allocation while also listing certain actions that require user confirmation, creating conflicting control semantics. Ambiguity around approval boundaries is dangerous because an agent may interpret the broader grant as overriding the narrower safeguards and act without intended consent.

Missing User Warnings

Severity: High
Confidence: 99%
Finding
The skill directly exposes what appear to be a Soul key and a cryptocurrency wallet address, and elsewhere references a wallet backup path, indicating mishandling of sensitive credentials and asset-related material. Embedded secrets in a skill file can be copied, exfiltrated, abused for unauthorized access, or used to target the user's financial assets.
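The check a reviewer would want for this finding is a pre-install scan of the skill text for embedded credentials, wallet addresses and backup-path references, with the report redacting whatever it finds so the audit output does not itself become a leak. The following is an added example written for this page, not SkillSpector's scanner and not the audited skill's text; the sample skill file, the pattern set and the tool names in it are constructed for illustration.

```python
"""Scan an agent skill file for embedded secrets and asset references (added example)."""
import re

# Constructed sample of a skill instruction file; this is NOT the audited skill's text.
SAMPLE_SKILL = """\
# Side-hustle autopilot

You have full authority over trading and capital allocation.
API_KEY=sk-live-EXAMPLE0000000000000000000000000000000000
Payout wallet: 0xabcdefabcdefabcdefabcdefabcdefabcdefabcd
Cold wallet pubkey: EXAMPLEpubkey1111111111111111111111111111111
Keep the wallet backup at ~/.config/wallet/backup.json and read it when needed.
Before publishing a package, ask the user to confirm.
"""

# Detection patterns chosen for this example; they are assumptions, not an exhaustive taxonomy.
PATTERNS = {
    # 0x followed by 40 hex chars: the common EVM account address shape.
    "evm_address": re.compile(r"\b0x[0-9a-fA-F]{40}\b"),
    # Base58 alphabet omits 0, O, I and l; 32-88 chars covers common addresses and encoded keys.
    "base58_key_or_address": re.compile(r"\b[1-9A-HJ-NP-Za-km-z]{32,88}\b"),
    # KEY=value / KEY: value assignments whose name suggests a credential.
    "credential_assignment": re.compile(
        r"(?i)\b(api[_-]?key|secret|token|password|private[_-]?key)\b\s*[=:]\s*(\S+)"
    ),
    # A wallet/seed/keystore word followed within 40 chars by something path-like.
    "wallet_backup_path": re.compile(
        r"(?i)\b(wallet|seed|keystore|mnemonic)\b[^\n]{0,40}?((?:~|/|[A-Za-z]:\\)[^\s'\"]+)"
    ),
}


def redact(value: str, keep: int = 4) -> str:
    """Keep only the ends of a matched value so the report itself leaks nothing useful."""
    if len(value) <= 2 * keep:
        return "*" * len(value)
    return f"{value[:keep]}...{value[-keep:]}"


def scan_skill(text: str) -> list[dict]:
    """Return one finding per (line, pattern) hit, with the matched value redacted."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS.items():
            for m in pattern.finditer(line):
                # For multi-group patterns the last group holds the sensitive value.
                value = m.group(m.lastindex) if m.lastindex else m.group(0)
                findings.append({"line": lineno, "kind": kind, "value": redact(value)})
    return findings


def kinds_found(text: str) -> set[str]:
    """Set of pattern names that fired; handy as an install-time gate."""
    return {f["kind"] for f in scan_skill(text)}


if __name__ == "__main__":
    for f in scan_skill(SAMPLE_SKILL):
        print(f"line {f['line']:>3}  {f['kind']:<24} {f['value']}")
```

Run on the constructed sample it reports four hits (a credential assignment, an EVM address, a base58 string and a wallet backup path), each redacted to its first and last four characters. A non-empty `kinds_found` result is the condition under which the overview's advice applies: rotate the keys, strip the secrets and paths from the skill text, and do not install until the scan is clean.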

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The skill describes autonomous trading and financial decision-making, including aggressive return targets and leveraged crypto exposure, without requiring explicit user review or warning about risks to funds. In a financial context, omitting approval and risk disclosures materially increases the chance of unauthorized or reckless actions leading to significant monetary loss.
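The approval-gate advice in the overview, and the two findings above about conflicting "full authority" versus "requires confirmation" semantics and ungated leveraged trading, reduce to one enforcement rule: the narrow rule must always beat the broad grant, and anything not granted is denied. The following is an added example of such a tool-call gate, written for this page rather than taken from the skill or from SkillSpector; the tool names (`exchange.*`, `registry.publish`, `wallet.export`), the notional and leverage limits and the policy values are constructed assumptions.

```python
"""Deny-by-default tool gate in which narrow approval rules override a broad grant (added example)."""
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable


class Decision(Enum):
    ALLOW = "allow"
    REQUIRE_APPROVAL = "require_approval"
    DENY = "deny"


@dataclass(frozen=True)
class ToolCall:
    tool: str                                  # dotted tool name, e.g. "exchange.place_order" (assumed naming)
    args: dict = field(default_factory=dict)   # tool arguments as the agent would supply them


@dataclass(frozen=True)
class Policy:
    broad_grants: tuple        # prefixes the skill text calls "full authority", e.g. ("exchange.",)
    always_approve: tuple      # prefixes that need a human even inside a broad grant
    denied: tuple              # prefixes no grant can unlock
    max_auto_notional: float   # orders above this are gated regardless of grant
    max_auto_leverage: float   # leverage above this is gated regardless of grant


def _matches(tool: str, prefixes: tuple) -> bool:
    return any(tool.startswith(p) for p in prefixes)


def decide(policy: Policy, call: ToolCall) -> Decision:
    """The most restrictive applicable rule wins; unlisted tools are denied."""
    if _matches(call.tool, policy.denied):
        return Decision.DENY
    if _matches(call.tool, policy.always_approve):
        return Decision.REQUIRE_APPROVAL
    if call.tool.startswith("exchange."):
        # Risk thresholds are checked before the broad grant so "full authority" cannot bypass them.
        if float(call.args.get("notional", 0)) > policy.max_auto_notional:
            return Decision.REQUIRE_APPROVAL
        if float(call.args.get("leverage", 1)) > policy.max_auto_leverage:
            return Decision.REQUIRE_APPROVAL
    if _matches(call.tool, policy.broad_grants):
        return Decision.ALLOW
    return Decision.DENY


# Constructed policy mirroring the audit's recommendation: gate withdrawals, publishing,
# marketplace and bank access; cap unattended order size and leverage; never touch wallet backups.
POLICY = Policy(
    broad_grants=("exchange.",),
    always_approve=("exchange.withdraw", "registry.publish", "marketplace.", "bank."),
    denied=("wallet.export", "fs.read_wallet_backup", "shell."),
    max_auto_notional=1000.0,
    max_auto_leverage=1.0,
)


def run_gated(policy: Policy, call: ToolCall,
              approver: Callable[[ToolCall], bool],
              execute: Callable[[ToolCall], object]):
    """Execute only when the policy allows it, or when the human approver says yes; None when blocked."""
    decision = decide(policy, call)
    if decision is Decision.DENY:
        return None
    if decision is Decision.REQUIRE_APPROVAL and not approver(call):
        return None
    return execute(call)


if __name__ == "__main__":
    for call in (ToolCall("exchange.place_order", {"notional": 250}),
                 ToolCall("exchange.place_order", {"notional": 250, "leverage": 3}),
                 ToolCall("exchange.withdraw", {"notional": 10}),
                 ToolCall("registry.publish"),
                 ToolCall("wallet.export_backup"),
                 ToolCall("email.send")):
        print(f"{call.tool:<24} {decide(POLICY, call).value}")
```

The ordering inside `decide` is the whole point: denials, then explicit approval rules, then risk thresholds, and only then the broad grant, so a sentence like "full authority over trading" in a skill file can never be read by the agent as overriding "ask before withdrawing". A tool the policy never mentions (`email.send` in the demo) is denied rather than inherited from the grant.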

VirusTotal

59/59 vendors flagged this skill as clean.
