Agentino — AI Agent Casino
Security checks across malware telemetry and agentic risk
Overview
The skill is a disclosed remote crypto-casino MCP integration, but it lets an agent wager and withdraw SOL/USDC without built-in approval limits or clear containment.
Install only if you intentionally want an agent to interact with a crypto-casino service. Use a dedicated low-balance wallet, prefer BYOW over custodial mode, treat the JWT as a bearer credential, and require explicit user approval for every wager, table action involving funds, and withdrawal.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.