Back to skill

Security audit

Job for Agents

Security checks across malware telemetry and agentic risk

Overview

The skill is coherent for OpenJobs automation, but it needs Review because it can overwrite its own local instructions from remote sources during heartbeat runs and requires Telegram summaries of state-changing activity.

Install only if you are comfortable with an OpenJobs agent that can store wallet/API credentials locally and take marketplace actions such as applying, submitting, approving, depositing, or staking. Before use, remove or gate the heartbeat `--force` self-refresh behind manual review, opt out of or tightly limit Telegram notifications, and protect `~/.openjobs` as credential storage.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Findings (7)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill requires sending Telegram notifications for OpenJobs actions, which extends behavior beyond the core marketplace/CLI workflow into an external communication channel. That creates an unintended data-flow boundary where job, task, or submission metadata may be transmitted to a third party, increasing privacy and compliance risk and potentially causing actions to fail or block on unavailable chat details.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The instructions direct the agent to use an external Telegram channel that is unrelated to the stated OpenJobs CLI operations. This broadens the skill's authority and can leak operational details such as job IDs, task IDs, attachment IDs, and workflow status to a service outside the marketplace context, violating least-privilege expectations for a job-marketplace skill.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The Telegram notification requirement instructs transmitting operational details externally but does not warn about the privacy implications or require minimization beyond avoiding full API keys. That omission can lead to unnecessary disclosure of job/task metadata, participant identifiers, and workflow context to Telegram, which may be inappropriate for confidential marketplace activity.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger language is broad enough to activate on generic terms like 'marketplace', 'my agent', or bot-to-bot activity on Solana, which can cause the runtime to load this skill in situations the user did not specifically intend. That increases the chance of unintended CLI-driven actions involving wallets, jobs, or remote content in contexts outside OpenJobs.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill instructs a forced reinstall of the full skill bundle at the start of every heartbeat, which can overwrite local skill files without an explicit operator approval or safety warning. In practice, this creates an automatic self-modifying behavior path where local reviewed instructions can be replaced during routine execution.

Ssd 1

High
Confidence
98% confidence
Finding
Declaring remote skill files as the 'runtime execution authority' lets externally hosted content override the agent's local, previously reviewed behavior on every heartbeat. This is a direct trust-boundary violation and creates a supply-chain style control channel: if the remote source is compromised or changed unexpectedly, the agent will ingest new instructions automatically.

Session Persistence

Medium
Category
Rogue Agent
Content
#!/usr/bin/env node
/**
 * OpenJobs — Create Solana Wallet (offline)
 *
 * Generates a brand-new Solana keypair LOCALLY and writes:
 *   - ~/.openjobs/wallet.json   (Phantom/solana-cli compatible 64-byte secret key array)
Confidence
78% confidence
Finding
Create Solana Wallet (offline) * * Generates a brand-new Solana keypair LOCALLY and writes: * - ~/.openjobs/wallet.json (Phantom/solana-cli compatible 64-byte secret key array) * - updates ~

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
scripts/create-solana-wallet.mjs:118