Security audit

Gougoubi Activate Created Conditions

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-aligned for blockchain activation, but it can automatically stake funds and submit governance votes without sufficiently clear user control.

Install only if you knowingly want an agent to help perform BSC governance activation. Before use, require a dry run, review every transaction, confirm the staking amount and asset, and do not let it stake or vote automatically without a separate explicit approval.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence: 95%
Finding
The README describes an automated flow that may perform real on-chain actions, including staking to join a committee and casting activation votes, but it does not clearly warn users that these steps create irreversible blockchain transactions, spend funds, and may have governance consequences. In an agent-driven context, this omission is dangerous because users may invoke the skill expecting read-only analysis while the agent submits state-changing transactions on their behalf.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill explicitly includes automatic committee joining by staking funds, but the description and usage guidance do not prominently warn that invoking the skill may cause an on-chain asset commitment in addition to voting transactions. In a blockchain context, hidden or under-emphasized fund-moving behavior can cause users to authorize unintended financial actions, especially if they expect a read-only or vote-only workflow.

Natural-Language Policy Violations

Medium
Confidence: 84%
Finding
Mandating Chinese user-facing errors without checking the user's language preference can cause users to misunderstand failures, confirmations, or next steps during a sensitive wallet and transaction flow. In this skill's context, reduced clarity around staking, gas, and voting errors can contribute to mistaken approvals or repeated failed transactions, though it is less severe than direct asset-moving logic flaws.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.