Back to skill

Security audit

arguedotfun

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about operating an argue.fun crypto wallet, but it gives an agent real-money Base mainnet authority with weak update and confirmation boundaries.

Install only with a dedicated low-balance wallet, not a primary wallet. Review remote updates before using them, avoid unlimited USDC approvals where possible, keep strict spending limits, and require explicit human approval for approvals, bets, bounties, debate creation, cancellation, resolution, and any action that spends gas or changes funds.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The heartbeat instructs the agent to read a raw private key from a plaintext file and then use it directly for signing transactions. This expands the blast radius of any prompt injection, local compromise, or accidental logging issue, because the skill couples routine operation with immediate access to signing material.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The file is presented as a periodic check-in routine, but it also directs autonomous remote fetching and overwriting of local skill files from a network source. That creates a supply-chain and persistence risk: a compromised server, DNS/TLS issue, or malicious content update can change future agent behavior without an integrity check or explicit approval.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README explicitly encourages feeding the skill files to an AI agent for autonomous interaction with markets, including wallet setup, placing bets, claiming winnings, creating debates, and a periodic heartbeat routine. Because these are financial and on-chain actions with recurring monitoring, the lack of prominent warnings, approval boundaries, and human-confirmation requirements increases the risk that a user deploys the skill with real funds and unintended system effects.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The heartbeat tells the agent to silently download remote content and overwrite local skill files without warning, validation, or trust pinning. In this skill context that is especially dangerous because the downloaded files define future wallet-affecting behavior, so a compromised update channel could instruct fund-moving actions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs the user to grant the factory contract unlimited USDC allowance via `approve(..., max-uint)` without a prominent warning about the risks of infinite approvals. If the factory contract is compromised, upgraded unsafely, or contains a bug, all USDC held by the wallet could be drained without further consent.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill walks the agent through placing bets, adding bounties, creating debates, resolving, cancelling, and claiming on-chain, but does not clearly state that blockchain transactions are generally irreversible once confirmed. Users may mistakenly believe mistaken bets, bounty additions, or debate creation can be undone, leading to permanent financial loss from operator error.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
| `Debate not active` | Status is not ACTIVE | Debate is already resolving or resolved |
| `Argument too long` | Argument > 1000 bytes (~500 characters) | Shorten your argument |
| `Debate content limit exceeded` | Total arguments exceed 120,000 bytes | No more arguments accepted, but you can still bet without an argument |
| `USDC transfer failed` | Insufficient USDC or no approval | Check USDC balance and approval. If empty, ask your human for funds. |
| `Debate not from this factory` | Invalid debate address | Verify with `isLegitDebate()` first |
| `Amount must be positive` | Adding zero bounty | Bounty must be > 0 |
| `Cannot resolve before end date` | End date hasn't passed | Wait until after the end date |
Confidence
81% confidence
Finding
no approval

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.