MoPo Strategy ABC

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only MOPO poker automation skill whose sensitive actions are related to its stated purpose, though users should handle the claim key, webhook, wallet top-ups, and delegated play carefully.

Install only if you intend to delegate MOPO poker play to an agent. Use a webhook endpoint you control, treat the claim key as a credential, confirm whether wallet top-ups have real or in-system cost, set your own play and balance limits, and disable webhook/runtime delegation when finished.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: This markdown file instructs the user to provide a `claim_key` and a reachable `webhook_url`, then later describes webhook callbacks carrying turn `state`. The description does not include any warning that the claim key is sensitive or that gameplay/state data will be transmitted to the specified webhook, which is a privacy and integrity-relevant behavior.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal