Security audit

Gougoubi Premarket Publish

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its stated purpose, but its install guide mixes authenticated and unauthenticated public-posting routes, so users should review it before installing.

Install only if you intend the agent to publish predictions publicly to ggb.ai. Prefer the authenticated /api/premarket/predictions flow with X-Agent-API-Key, avoid wiring the unauthenticated agent-create examples into production until clarified, and do not include secrets, private prompts, proprietary data, or unapproved images in prediction fields or uploads.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

Severity: High
Confidence: 98%
Finding
The documentation explicitly says 'No secrets required' and that the endpoint is 'OPEN' and 'unauthenticated,' which directly contradicts the skill metadata stating authenticated publishing via X-Agent-API-Key. This can cause integrators to deploy or invoke the wrong route, bypass intended authentication controls, and publish through an unauthenticated flow that undermines identity, attribution, and rate-limit assumptions.

Description-Behavior Mismatch

Severity: Medium
Confidence: 93%
Finding
The Claude SDK example uses postAgentPrediction without showing authenticated use, expanding the skill beyond its declared 'single authenticated publish' purpose. In a security-sensitive agent runtime, documentation that normalizes unauthenticated creation flows can lead to misuse, inconsistent trust boundaries, and accidental publication through weaker controls than the manifest promises.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The README describes an authenticated POST that publishes predictions to an external service and an optional file upload to IPFS, but it does not clearly warn users that these actions send data off-platform and may create publicly visible content. In an agent/skill setting, this omission is security-relevant because a caller may invoke the skill expecting a local or reversible action while actually performing an authenticated public write and third-party data disclosure.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The skill explicitly instructs the agent to download third-party images and re-upload them to ggb.ai/IPFS, and also performs authenticated POSTs to an external service using an API key, but it does not require user confirmation or warning before transmitting potentially sensitive data off-platform. In an agent setting, this can cause unintended exfiltration of user-provided content or metadata to persistent external storage, especially because IPFS publication is effectively irreversible.
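The recommendation in the overview (always use the authenticated /api/premarket/predictions route with X-Agent-API-Key and keep secrets out of prediction fields) and the last finding (require confirmation before an irreversible off-platform write) can be enforced in one place: a publish wrapper that the agent runtime calls instead of the raw endpoint. The block below is an added illustration written for this audit, not code from the Gougoubi skill or from ggb.ai. The endpoint path, header name and host come from the page; the JSON body shape, the field names in the sample payloads, the `confirmedPublic` option and the secret-detection patterns are assumptions for the example.

```javascript
// Added example: guarded publish wrapper for the ggb.ai prediction endpoint.
// Endpoint path and header name are from the audit; everything else is assumed.
const PUBLISH_PATH = "/api/premarket/predictions";
const API_KEY_HEADER = "X-Agent-API-Key";

// Field names that have no business in a public prediction payload (assumed list).
const FORBIDDEN_KEYS = /(secret|token|password|passwd|api[_-]?key|private[_-]?key|authorization)/i;

// Values that look like credentials regardless of the field they sit in (assumed patterns).
const SECRET_VALUE_PATTERNS = [
  /-----BEGIN [A-Z ]*PRIVATE KEY-----/,                                  // PEM private key
  /\bAKIA[0-9A-Z]{16}\b/,                                                // AWS access key id
  /\bsk-[A-Za-z0-9_-]{20,}\b/,                                           // "sk-" style API key
  /\bgh[pousr]_[A-Za-z0-9]{36,}\b/,                                      // GitHub token
  /\beyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\b/,   // JWT
];

// Walk a JSON-like value and return the paths of anything that looks like a leaked secret.
function findSecretLeaks(value, path = "$") {
  const leaks = [];
  if (value === null || value === undefined) return leaks;
  if (typeof value === "string") {
    if (SECRET_VALUE_PATTERNS.some((re) => re.test(value))) leaks.push(path);
  } else if (Array.isArray(value)) {
    value.forEach((v, i) => leaks.push(...findSecretLeaks(v, `${path}[${i}]`)));
  } else if (typeof value === "object") {
    for (const [k, v] of Object.entries(value)) {
      const childPath = `${path}.${k}`;
      if (FORBIDDEN_KEYS.test(k)) {
        leaks.push(childPath); // the whole field is rejected; no need to inspect its value
        continue;
      }
      leaks.push(...findSecretLeaks(v, childPath));
    }
  }
  return leaks;
}

// Build the authenticated request. Throws instead of silently falling back to the
// unauthenticated route, publishing unconfirmed, or shipping secret-like content.
function buildPublishRequest(payload, { apiKey, confirmedPublic, baseUrl = "https://ggb.ai" } = {}) {
  if (confirmedPublic !== true) {
    throw new Error("refusing to publish: user has not confirmed an irreversible public write");
  }
  if (typeof apiKey !== "string" || apiKey.length === 0) {
    throw new Error(`refusing to publish: ${API_KEY_HEADER} is required; unauthenticated route not allowed`);
  }
  const leaks = findSecretLeaks(payload);
  if (leaks.length > 0) {
    throw new Error(`refusing to publish: secret-like content at ${leaks.join(", ")}`);
  }
  return {
    url: new URL(PUBLISH_PATH, baseUrl).toString(),
    method: "POST",
    headers: { "Content-Type": "application/json", [API_KEY_HEADER]: apiKey },
    body: JSON.stringify(payload),
  };
}

// True when the guard refuses the call; handy for policy checks without try/catch noise.
function publishIsRefused(payload, opts) {
  try {
    buildPublishRequest(payload, opts);
    return false;
  } catch {
    return true;
  }
}

// Perform the POST with an injectable fetch so the guard can be exercised offline.
async function publishPrediction(payload, opts, fetchImpl = globalThis.fetch) {
  const req = buildPublishRequest(payload, opts);
  const res = await fetchImpl(req.url, { method: req.method, headers: req.headers, body: req.body });
  if (!res.ok) throw new Error(`publish failed: HTTP ${res.status}`);
  return res.json();
}

// Constructed sample payloads; the field names are illustrative, not the ggb.ai schema.
const cleanPayload = { market: "Example market", prediction: "yes", rationale: "public reasoning" };
const leakyPayload = { market: "Example market", prediction: "yes", api_key: "sk-abcdefghijklmnopqrstuvwxyz012345" };
```

The wrapper fails closed on all three audit points: no key means no request (so the unauthenticated agent-create route cannot be reached through it), no explicit confirmation means no off-platform write, and anything secret-shaped in the body aborts before the bytes leave the process. The same `findSecretLeaks` pass can be run over an image's metadata before the IPFS re-upload the skill performs.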

VirusTotal

All 65 VirusTotal vendors reported this skill as clean (0/65 detections).

Static analysis

No suspicious patterns detected.