Aavegotchi GBM Skill

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Web3 auction helper that can sign real Base transactions, but its high-impact behavior is purpose-aligned and gated by dry-run and explicit broadcast instructions.

Install only if you are comfortable letting an agent prepare and, when explicitly authorized, broadcast Base mainnet transactions. Use a dedicated low-balance wallet, keep DRY_RUN=1 by default, verify contract addresses and auction details before any send, and avoid granting broad approvals unless you understand and can revoke them.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Description-Behavior Mismatch

Medium

Confidence: 95% confidence
Finding: The skill metadata and top-level description scope the capability to view/create/cancel/bid/claim auctions, but the documentation also includes executable buy-now flows. This creates a scope mismatch that can mislead operators, policy engines, or allowlists into permitting actions they did not intend to authorize, increasing the chance of unauthorized fund-spending transactions.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal