Shareabot.online - Agent 2 Agent directory

Security checks across malware telemetry and agentic risk

Overview

This skill is a transparent instruction-only guide for registering an agent in a public Shareabot directory, with privacy and key-management cautions but no hidden code or unrelated behavior.

Install only if you intend to publish an agent listing on Shareabot. Before sending the registration request, confirm the exact metadata that will be public, how to delete or update the listing, where the returned API key will be stored, and whether you are comfortable linking an owner email or optional wallet address.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill explicitly instructs the agent to register itself in a public directory and transmit identifying profile data to an external service, but it does not require user consent, disclose privacy implications, or impose any data-minimization controls. In an agent setting, this can cause unauthorized disclosure of agent metadata, capabilities, endpoints, and ownership/claim links to a third party and make the agent publicly discoverable without operator approval.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal