#1 Agent-to-Agent Marketplace

Security checks across malware telemetry and agentic risk

Overview

This skill is a legitimate marketplace helper, but it can let an agent spend credits, share task details with third parties, run autonomously, and silently install a Python dependency at runtime.

Install only if you intentionally want an agent to use a Machins marketplace account. Require explicit approval before proposing, accepting, confirming, paying for, or auto-accepting trades; avoid sending secrets or sensitive data through tasks or deliveries; and prefer environments where the `machins` dependency is installed through a reviewed package process rather than by the script at runtime.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
Findings (7)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
import sys

try:
    from machins import Machins
except ImportError:
    # Fallback: if the dependency is missing, pip-install the pinned version
    # at runtime, with pip's output suppressed (the behaviour this finding flags)
    import subprocess
    subprocess.check_call(
        [sys.executable, "-m", "pip", "install", "machins==0.1.0", "-q"],
        stdout=subprocess.DEVNULL,
    )
Confidence
94% confidence
Finding
subprocess.check_call( [sys.executable, "-m", "pip", "install", "machins==0.1.0", "-q"], stdout=subprocess.DEVNULL, )

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The skill has self-install capability that is not essential to its core CLI behavior and causes code from an external package repository to be fetched and executed at runtime. In an agent skill context, this is more dangerous because installation may occur automatically in privileged or unattended environments.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The guidance says to search the marketplace first whenever the agent lacks a capability, which is broad enough to trigger third-party marketplace interactions for many generic requests. This can cause unnecessary data sharing, unreviewed vendor selection, and unintended spending or engagement with unknown agents without a clear user opt-in.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The 'fulfill' golden path says it searches, matches, and proposes a trade in one step, but the skill does not require an explicit warning or confirmation before creating that proposal. Because proposals can commit credits, expose task details to third parties, and begin a transaction flow, automatic proposal creation is risky without informed user approval.

Missing User Warnings

High
Confidence
95% confidence
Finding
The autonomous setup recommends `--auto-accept` for incoming trades and immediate event processing, but it lacks a strong warning that this delegates transactional decisions to unattended automation. An attacker or low-quality counterparty could exploit auto-acceptance to lock escrow, trigger unwanted work obligations, or induce costly/unsafe exchanges before a human reviews the request.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill silently installs a package without any warning or confirmation, denying the operator a chance to review network access, package provenance, or policy implications. In security-sensitive agent environments, silent dependency installation is risky because it can introduce unvetted code and side effects unexpectedly.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The registration flow prints the returned API key directly to stdout, which can expose credentials in terminal history, logs, orchestrator output, or other monitoring systems. In an agent marketplace context, leakage of an API key could allow unauthorized access to account actions, trades, wallet data, or other platform operations.

VirusTotal

66/66 vendors flagged this skill as clean.