Back to skill

Security audit

Gougoubi Market Orchestrator

Security checks across malware telemetry and agentic risk

Overview

This is a code-free router for Gougoubi crypto market workflows, but it can dispatch high-impact actions like staking liquidity, submitting results, and claiming rewards without explicit confirmation rules.

Review the downstream Gougoubi skills before installing this router. Use it only if you are comfortable with an agent selecting workflow steps, and require manual approval for any action that stakes liquidity, changes market state, submits official results, or claims rewards.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The description says to use this skill whenever a request is "high-level and spans multiple Gougoubi market stages," but it does not define concrete trigger boundaries or exclusions. That makes activation criteria subjective and could cause the skill to be invoked for loosely related multi-step requests.

Vague Triggers

Medium
Confidence
93% confidence
Finding
Phrases like "check what is missing and continue" and "handle this proposal end to end" are broad natural-language requests without clear Gougoubi-specific constraints. Because they resemble generic assistant requests, they increase the risk of unintended invocation.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The description says to use this skill whenever users describe 'a high-level market task rather than a single low-level action,' which is a broad natural-language condition without clear boundaries or exclusion examples. This can overlap with many ordinary Gougoubi-related requests and make it unclear when the orchestrator should activate versus a more specific downstream skill.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The 'Use This Skill When' section gives positive conditions like 'complete market workflow' and 'multiple stages' but does not define edge cases or exclusions. Without negative examples, the routing boundary remains ambiguous, especially for requests that mention several actions but only need one concrete downstream operation.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.