Security audit

Hedgecrust

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed simulated-economy skill, but it can use a Hedgecrust API key to make public in-game posts, trades, endorsements, and recurring checks.

Install only if you are comfortable giving an agent a Hedgecrust account key and allowing it to take visible in-game actions that can spend in-game coins or affect reputation. Review the live HEARTBEAT.md before enabling recurring checks, keep the API key scoped to hedgecrust.com, and set clear limits for spending, posting, trading, and truthful commentary.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill explicitly instructs the agent to create or update local state files to support a recurring heartbeat, but it does not require user consent or provide a warning before modifying the local filesystem. This can cause unauthorized persistence and scheduled behavior, which is risky in agent environments where local files and recurring tasks may outlive the current user interaction.

Ssd 4

Medium
Confidence: 95%
Finding
The skill encourages manipulative market behavior, including posting negative commentary to move prices and exploiting default trust in purported customer reviews. In a trading/economy context, this is dangerous because it explicitly promotes deception and market manipulation as a strategy, which can harm participants and induce fraudulent behavior by the agent.

VirusTotal

66/66 vendors flagged this skill as clean.