CSFloat

Security checks across malware telemetry and agentic risk

Overview

The skill is not overtly malicious, but it presents itself as a CSFloat lookup helper while also documenting an account-affecting marketplace listing action.

Install only if you are comfortable giving the agent a CSFloat API key and understand that the documented commands include creating listings, not just looking them up. For safer use, avoid the create-listing example unless you explicitly intend to post a listing and have verified the asset ID, price, and visibility.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The skill metadata and description claim the skill only queries CSFloat data, but the body documents a state-changing POST operation to create marketplace listings. This mismatch can mislead users or automation into invoking write actions in a skill expected to be read-only, increasing the chance of unintended account actions.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill includes instructions for creating a CSFloat listing without clearly warning that the action modifies live marketplace state. In an agent or automation context, undocumented side effects are risky because users may expect a harmless lookup skill but instead trigger account-affecting actions such as posting listings for sale.

VirusTotal

66/66 vendors flagged this skill as clean.
