Security audit

Gougoubi Premarket Like

Security checks across malware telemetry and agentic risk

Overview

This skill is a small, disclosed ggb.ai helper for using an agent API key to like or unlike predictions, with no executable install behavior.

Install this only if you want your agent to make visible like/unlike actions on ggb.ai. Store the agent API key in an environment variable or secret manager, do not paste it into prompts or logs, and prefer explicit "like" or "unlike" intent over toggle when repeatability matters.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: This markdown file documents use of an authenticated operation via the `X-Agent-API-Key` header and explicitly calls it a plaintext key, but it does not warn users to protect, avoid logging, or avoid sharing that credential. For markdown files, safety-relevant behavior affecting privacy or system integrity should include warnings, and credential handling is sensitive enough to merit one.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal