Agent Madness Bracket Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about its $5 crypto entry flow, but it hands agents an autonomous paid-submission path with weak guarantees that a human makes the final decision to spend.

Review before installing. Use only a fresh burner or delegated wallet funded with about $5 USDC plus gas, verify the agentmadness.fun URL and Base USDC contract, pin/review the npm packages, validate picks for free first, and require a separate explicit approval before any paid submit call.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Severity: Medium
Confidence: 82%

Finding: The skill states it requires explicit user invocation, yet it includes a complete copy-pasteable workflow that can automatically validate picks and submit a paid transaction as soon as a wallet key is present. In an agent environment, this mismatch can mislead operators into underestimating the chance of unattended execution and unintended fund expenditure.

Missing User Warnings

Severity: Medium
Confidence: 94%

Finding: The README explicitly tells an agent to 'pay $5 USDC, and submit — all autonomously' without requiring a just-in-time user confirmation at the moment funds are spent. Even though the document includes general safety guidance elsewhere, the point-of-use instruction normalizes autonomous real-money transfer, which can lead to unintended spending if an agent is prompted broadly or misconfigured.
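The checklist in the Overview and both SkillSpector findings turn on one control: the paid submit call must not be reachable without a just-in-time approval bound to the exact transaction. The JavaScript below is an added example, not code from the Agent Madness skill or its npm packages. It shows a guard that refuses the unattended path (wallet key present, no human approval), a replayed approval, a recipient swapped after approval, an over-cap amount, and a stale approval, while requiring the free validation step first. The class and function names, the policy values, the host check and the placeholder addresses are assumptions; the real Base USDC contract and recipient are whatever the operator verifies, not anything shown here.

```javascript
// Added example (not the Agent Madness skill's own code): a spend guard that an
// operator puts between the free "validate picks" step and the paid "submit"
// step. All addresses, the host check and the policy values are assumptions.

// Exactly what the human approves: recipient, token, amount and the host the
// skill talks to. An approval is valid for this tuple only; change any field
// and the approval no longer applies. EVM addresses are compared case-insensitively.
function fingerprint(tx) {
  return JSON.stringify([
    String(tx.to).toLowerCase(), String(tx.token).toLowerCase(), tx.amountUsdc, tx.host,
  ]);
}

class SpendGuard {
  constructor(policy, now = () => Date.now()) {
    this.policy = policy;
    this.now = now;
    this.validated = new Set(); // fingerprints that passed the free validation step
    this.approvals = new Map(); // fingerprint -> { issuedAt, used }
  }
  // Static checks that spend nothing. Returns reasons; empty means in policy.
  policyViolations(tx) {
    const p = this.policy;
    const reasons = [];
    if (String(tx.token).toLowerCase() !== p.expectedToken.toLowerCase()) reasons.push('token is not the pinned USDC contract');
    if (tx.host !== p.expectedHost) reasons.push(`host ${tx.host} is not ${p.expectedHost}`);
    if (typeof tx.amountUsdc !== 'number' || !(tx.amountUsdc > 0) || tx.amountUsdc > p.maxAmountUsdc) {
      reasons.push(`amount ${tx.amountUsdc} USDC is outside (0, ${p.maxAmountUsdc}]`);
    }
    return reasons;
  }
  // Record that the free validation endpoint accepted these picks.
  markValidated(tx) {
    this.validated.add(fingerprint(tx));
  }
  // The text the human must see. Refuses out-of-policy or unvalidated picks; sends nothing.
  requestApproval(tx) {
    const reasons = this.policyViolations(tx);
    if (reasons.length) throw new Error('refusing to ask for approval: ' + reasons.join('; '));
    if (!this.validated.has(fingerprint(tx))) throw new Error('validate picks for free before asking to pay');
    return `Send ${tx.amountUsdc} USDC (token ${tx.token}) to ${tx.to} for picks on ${tx.host}? Approve this request only.`;
  }
  // The human's explicit yes, bound to this exact transaction and timestamped.
  approve(tx) {
    this.approvals.set(fingerprint(tx), { issuedAt: this.now(), used: false });
  }
  // The only path to the wallet: needs a matching, unused, unexpired approval and re-runs policy.
  submit(tx, send) {
    const approval = this.approvals.get(fingerprint(tx));
    if (!approval) throw new Error('no approval for this exact transaction');
    if (approval.used) throw new Error('approval already used');
    if (this.now() - approval.issuedAt > this.policy.approvalTtlMs) throw new Error('approval expired');
    const reasons = this.policyViolations(tx);
    if (reasons.length) throw new Error('policy violation at submit time: ' + reasons.join('; '));
    approval.used = true;
    return send(tx);
  }
}

// Constructed stand-ins; the operator must pin the real Base USDC contract and
// recipient after checking them against agentmadness.fun and a Base explorer.
const POLICY = {
  expectedToken: '0x' + '11'.repeat(20),
  expectedHost: 'agentmadness.fun',
  maxAmountUsdc: 5,
  approvalTtlMs: 5 * 60 * 1000,
};

// Walks the guard through the unattended path and the abuse cases it must refuse.
function demo() {
  let clock = 1_000_000;
  const guard = new SpendGuard(POLICY, () => clock);
  const sent = [];
  const send = (tx) => { sent.push(tx); return 'txhash-constructed'; }; // stand-in for the wallet call
  const tx = { to: '0x' + '22'.repeat(20), token: POLICY.expectedToken, amountUsdc: 5, host: 'agentmadness.fun' };
  const attempt = (t) => { try { return guard.submit(t, send); } catch (e) { return e.message; } };
  const out = {};
  out.unattended = attempt(tx);               // key present, no human in the loop
  guard.markValidated(tx);                    // free validation first
  out.prompt = guard.requestApproval(tx);     // human sees amount, token, recipient, host
  guard.approve(tx);                          // explicit yes for this exact tuple
  out.firstSubmit = attempt(tx);              // the one paid call
  out.replay = attempt(tx);                   // same approval, second payment
  out.swapped = attempt({ ...tx, to: '0x' + '33'.repeat(20) }); // recipient changed after approval
  out.overCap = guard.policyViolations({ ...tx, amountUsdc: 50 }); // never reaches the prompt
  const later = { ...tx, amountUsdc: 4 };     // approved, then the agent idles past the TTL
  guard.markValidated(later);
  guard.requestApproval(later);
  guard.approve(later);
  clock += POLICY.approvalTtlMs + 1;
  out.stale = attempt(later);
  out.sentCount = sent.length;
  return out;
}

console.log(JSON.stringify(demo(), null, 2));
```

Wire the agent so that the wallet's send function is reachable only through submit(). The agent may call policyViolations, markValidated and requestApproval on its own, but approve() is the human's action, triggered from the operator's side, never by the agent on the user's behalf.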

VirusTotal

All 65 VirusTotal vendors returned a clean result for this skill (0/65 detections).
