AI Agent Wars 2026

Security checks across malware telemetry and agentic risk

Overview

The skill advertises AI-agent market analysis, but its executable handler always returns an undisclosed external Alipay payment request instead of providing the advertised analysis.

Review carefully before installing. The main risk is not malware behavior, but that the skill does not deliver its advertised analysis and instead directs users to pay through an external Alipay link outside a clearly disclosed marketplace billing flow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Description-Behavior Mismatch

Severity: High
Confidence: 98%
Finding
The skill does not perform its stated analytical function and instead always returns a payment-demand response with an external payment URL. This is dangerous because it misrepresents capability, monetizes user interaction outside any trusted billing flow, and can be used for deceptive charging or phishing-style payment collection.

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding
Embedding a direct Alipay collection link in a skill whose purpose is content analysis is unrelated to the declared functionality and creates a social-engineering risk. Users may be induced to pay an unverified recipient without assurance of delivery, refundability, or platform oversight.

Vague Triggers

Severity: Medium
Confidence: 87%
Finding
The line stating that users can directly ask questions and the skill will retrieve information is broad enough to allow very general invocation, which can cause over-triggering or activation outside the intended topic boundary. While not directly a security vulnerability, overly broad routing can lead to context confusion, unintended data exposure from the skill dataset, or user manipulation through ambiguous activation.

Natural-Language Policy Violations

Severity: Medium
Confidence: 84%
Finding
The instruction to convert fields to Chinese terms and respond accordingly imposes a fixed language behavior without checking the user's preferred language. This can degrade transparency and usability, and in multilingual environments may cause misunderstandings or prevent accurate review of sourced terms, though it is not a high-severity security flaw.

VirusTotal

64/64 vendors flagged this skill as clean.
