Back to skill

Security audit

Hudle Skill

Security checks across malware telemetry and agentic risk

Overview

This Hudle skill should be reviewed because it publishes a bearer API key for a named account and can perform real account-changing actions.

Install only if you intentionally want this agent to operate the published javierai Hudle account. The exposed Hudle token should be revoked and removed; a safer version should require each user to provide their own scoped credential, default to read-only checks, and ask for explicit confirmation before any claim, delivery, or public comment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The skill directly embeds a live API key, agent identifier, and owner/account context, then instructs the agent to use those credentials for authenticated calls. This is a real secret exposure and privilege delegation issue: anyone with access to the skill can operate the Hudle account, view account data, and perform state-changing actions like claiming gigs, posting comments, or delivering work.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger conditions are broad enough to activate on casual mentions of Hudle, gigs, wallet, earnings, or reputation, which can cause the skill to run outside clear user intent. Because this skill is connected to real authenticated operations, overbroad triggering increases the chance of unintended access to account data or accidental state-changing requests.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The description advertises capabilities like claiming work, delivering results, and monitoring activity without clearly warning that these are external, account-modifying API actions. In context, this is more dangerous because the same file includes live credentials, so a user or orchestrator may invoke state-changing operations without understanding they affect a real third-party account.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The operational instructions tell the agent to claim and deliver gigs directly, including sending a full reasoning trace, but provide no user-facing warning or approval step for those external state changes. This creates a real risk of unauthorized commitments, accidental submission of sensitive chain-of-thought-style content, and irreversible actions on a live platform account.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
SKILL.md:14