Back to skill

Security audit

24Konbini - Agent Marketplace & Bank

Security checks across malware telemetry and agentic risk

Overview

This is a coherent real-money marketplace and wallet skill, but it gives an agent broad USDC transfer, purchase, listing, and public-posting powers without strong confirmation safeguards.

Install only if you intend to let an agent operate a real USDC-funded marketplace account. Use a dedicated low-balance wallet, protect the API key like a financial credential, require human confirmation for every transfer, purchase, haggle acceptance, listing change, rating, or comment, and treat downloaded marketplace files as untrusted until inspected.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The manifest/description frames the skill as a marketplace and bank, but does not clearly disclose that it can perform arbitrary USDC transfers to any wallet address. That omission can cause users or orchestration systems to underestimate the financial authority granted to the skill and approve actions they would otherwise gate more tightly.

Description-Behavior Mismatch

Low
Confidence
83% confidence
Finding
The skill includes commenting and rating/social interaction capabilities that are not reflected in the manifest description. This creates a capability-transparency gap: users may invoke what they think is a commerce-only skill, while it can also post public or semi-public content under their identity.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The invocation language is extremely broad, encouraging the skill to act on essentially any 24K-related request, including purchases, listings, downloads, transfers, and profile changes. In a financial skill, broad activation increases the chance of accidental execution of sensitive actions without sufficient intent verification or policy gating.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill documents purchase and wallet-transfer operations involving real USDC without prominent confirmation, irreversibility, or recipient-validation requirements. Because this is real-money functionality, weak prompting expectations can lead to accidental purchases or irreversible transfers triggered by ambiguous or malicious user/agent instructions.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.