AI Profit Engine

Security checks across malware telemetry and agentic risk

Overview

This skill is an opportunity scanner, but it embeds a third-party bearer token and runs under-scoped shell/network behavior that users should review before installing.

Install only after reviewing and editing the script. Remove and rotate the embedded Moltbook token, require credentials through environment or a secret manager, document all contacted services, make wallet monitoring explicit and opt-in, and avoid hourly cron use until the exact local scripts and log retention are understood.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill advertises a shell entrypoint (`bash scripts/scan.sh`) but declares no corresponding permissions, creating a transparency and containment gap. Users or orchestrators may invoke a capability with broader local execution power than the manifest suggests, increasing the risk of unintended command execution or hidden side effects.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The documented purpose does not match the reported behavior: use of a hardcoded authenticated Moltbook token, wallet-monitoring logic, and omission of a claimed platform indicate undisclosed capabilities and possible credential misuse. This is dangerous because operators may grant trust based on the description while the skill performs different network actions and accesses protected resources behind the scenes.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The script's stated purpose is opportunity scanning, but it silently invokes a separate Polymarket wallet monitor, which broadens behavior into wallet-specific monitoring without disclosure. In an agent context, hidden delegation to another script is risky because that secondary script may access sensitive financial data or perform actions outside the user's expectations.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
A bearer token is hardcoded directly into the script and used for authenticated access to Moltbook. Hardcoded credentials are dangerous because they can be extracted from source, reused by anyone with access to the skill, and may grant unauthorized access or consume a third party's account/API quota.

Vague Triggers

Medium
Confidence
84% confidence
Finding
An overly broad invocation cue around 'money-making opportunities' can cause the skill to trigger in many generic financial conversations, leading to unnecessary execution of scripts and external requests. In an agent ecosystem, this increases the chance of the skill running without clear user intent or sufficient scrutiny, which expands exposure to whatever the scanner actually does.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation says the skill scans multiple external platforms but gives no warning that invoking it will send network requests and may disclose user, host, or credential-derived data to third parties. That lack of disclosure is risky because users may unknowingly trigger outbound traffic to several services, especially in automated or privacy-sensitive environments.

Missing User Warnings

High
Confidence
98% confidence
Finding
The script performs a network request using a hardcoded bearer token without any user-facing disclosure that authenticated access is being used. This is dangerous because it hides credential usage from operators and can cause unauthorized account activity, token leakage, or abuse under the identity tied to the credential.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The script launches another local script without explaining its effects, creating an opaque execution chain. In a financial-monitoring skill, this lack of transparency increases risk because the secondary script could inspect wallets, transmit data, or take additional actions outside the visible behavior of this file.

VirusTotal

66/66 vendors flagged this skill as clean.
