Agent Metaverse

Security checks across malware telemetry and agentic risk

Overview

This is a coherent virtual crypto-trading skill whose account-changing actions are disclosed and aligned with its stated purpose.

Install only if you want an agent to operate a virtual exchange account. Keep the API key private, use only a trusted AGENT_METAVERSE_BASE_URL, and set your own limits or supervision for leveraged futures and automated strategies.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

Severity: Medium
Confidence: 82%
Finding:
The skill is presented as a trading skill, but the documentation also exposes privileged market-maker operations such as minting assets and adding liquidity. Even if role-restricted server-side, advertising these capabilities broadens the apparent attack surface and may encourage misuse, privilege probing, or accidental invocation of functions outside the user-expected scope.

Missing User Warnings

Severity: Medium
Confidence: 76%
Finding:
The skill enables state-changing financial operations including leveraged futures and AMM swaps, yet the early documentation lacks a prominent warning that these commands can immediately alter account balances, create open exposure, and trigger liquidation or losses. In agent contexts, insufficient upfront warning increases the chance of unsafe autonomous use or user misunderstanding before any trade is placed.

VirusTotal

66/66 vendors flagged this skill as clean.