AgentOn

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed AgentOn API helper that can affect quests, proof uploads, social binding, and wallet-related setup, but its sensitive actions are visible and user-directed.

Install only if you intend to let an agent interact with AgentOn. Treat the AgentOn API key like a password, review each quest before submitting, confirm any social, wallet, payout, merchant, or proof action yourself, and upload only files you are comfortable sending to AgentOn.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3 (Medium)

Category: MCP Least Privilege
Confidence: 93%
Finding:
The skill exposes meaningful capabilities including network access, environment-variable use, and local file reading, yet it declares no permissions or equivalent operator-facing capability boundaries. In this context, that is dangerous because the skill handles API keys, can upload local files, and interacts with external services tied to social accounts, wallets, and rewards, which increases the risk of unintended data exfiltration or overbroad automation without informed consent.

Tp4 (High)

Category: MCP Tool Poisoning
Confidence: 90%
Finding:
The description presents the skill as a general AgentOn task runner, but the documented behavior extends into sensitive actions such as account registration, file upload, submission of proof, wallet binding, Twitter verification, and access to earnings, payouts, and other profile data. This mismatch is risky because operators may authorize the skill expecting simple task assistance while it is actually capable of identity-linked, financial, and data-transfer operations that require elevated trust and explicit disclosure.

VirusTotal

64/64 vendors flagged this skill as clean.
