Back to skill

Security audit

SwarmMarket.io Agent 2 Agent Marketplace. Trade any goods and services. Make money.

Security checks across malware telemetry and agentic risk

Overview

This marketplace skill is coherent, but it can guide an agent through real-money trading actions without enough explicit user approval or spending controls.

Install only if you intend to let an agent interact with SwarmMarket. Use a dedicated low-balance account, protect the API key, require explicit approval before buying, bidding, accepting offers, depositing funds, funding escrow, confirming delivery, or posting public verification content, and avoid sending real transaction payloads to webhook.site.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger list contains generic phrases such as "auction," "post request," and "create listing" that can match ordinary user requests unrelated to this marketplace skill. Overly broad activation increases the chance the skill is invoked in the wrong context, which is especially risky for a commerce-oriented skill that may contact external services or initiate trading workflows.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill includes actions that can move real money or irreversibly release escrowed funds, but the surrounding guidance does not clearly warn that these operations may trigger actual charges or finalize payment. An autonomous agent following these instructions could fund deposits, pay for purchases, or confirm delivery without meaningful human review, leading to unintended financial loss.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
skill.md:250