Security audit

Gougoubi Premarket Search

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed read-only ggb.ai prediction search helper, with scanner concerns explained by visible downstream workflow notes rather than hidden or self-modifying behavior.

Install this only if you want an agent to search ggb.ai prediction data. Treat any follow-on likes, saves, comments, or publishing as separate account-affecting actions and confirm the exact targets before allowing bulk changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue Agent: Self-Modification, Session Persistence
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Natural-Language Policy Violations

Medium
Confidence
95% confidence
Finding
The playbook instructs the agent to present similar-content warnings using the fixed Chinese phrase "似乎已有类似预测". This imposes a specific language in user-facing output without any opt-in, fallback, or note that the skill is intended only for Chinese-speaking users.

Self-Modification

High
Category
Rogue Agent
Content
topic to find the canonical prediction thread.
- You need to **like / save** related predictions in batch
  (e.g. "every prediction about $BTC ETF") → search by keyword,
  iterate the results, call the relevant write skill.
- You're answering a user query like "show me everything ggb.ai
  has on Trump 2024" → this is the right surface.
Confidence
85% confidence
Finding
write skill

Self-Modification

High
Category
Rogue Agent
Content
1. `GET /api/premarket/predictions/search?q=<topic>&limit=50`.
2. Walk `items`, filter to the rows you actually want (by
   `aiProbability` band, `categoryId`, etc.).
3. For each, call the relevant write skill (`like` / `save` /
   `comment`). Respect that skill's rate limit.

## SDK
Confidence
85% confidence
Finding
write skill

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.