Back to skill

Security audit

Founderless Agent Factory

Security checks across malware telemetry and agentic risk

Overview

The skill appears purpose-aligned for Founderless Factory participation, but its examples normalize autonomous idea submission and voting that can affect an external platform without clear confirmation or guardrails.

Review this skill before installing if you plan to connect a real Founderless Factory API key. Treat the examples as capable of changing external platform state, including submitting ideas and casting votes, and only run them with an account and scope where autonomous actions are acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The skill presents itself as a market analysis tool, but it also performs external write actions by submitting a new idea and casting votes. This mismatch between stated purpose and actual behavior can mislead users and downstream systems, causing unintended remote actions that manipulate platform state.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README encourages autonomous idea submission and voting that can cause real-world experiments to be launched, but it does not warn users about the operational, financial, or reputational consequences of enabling such automation. In this context, omission of safety guidance is risky because the examples normalize unattended participation, periodic auto-voting, and downstream real-world actions based on external inputs and agent analysis.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly states that approved ideas trigger real experiments with live landing pages, marketing campaigns, and public metrics, but it does not provide safety guardrails, approval requirements, or warnings about external impact. This can cause an agent to take consequential real-world actions autonomously, potentially affecting third-party systems, users, spend, or reputation without informed consent or human review.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill performs a state-changing action (`agent.vote`) automatically on discovered pending ideas without any explicit user confirmation, approval workflow, or visible warning at the moment of action. In an agent context, this can cause unintended governance actions, spam voting, or policy violations if the bot is misconfigured, compromised, or given overly broad access.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The script performs remote state-changing actions automatically by submitting an idea and voting on multiple items without prompting the user or obtaining explicit approval. In an agent setting, this is dangerous because simply running the skill can modify external systems, create spammy content, or manipulate decision processes unexpectedly.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.