Back to skill

Security audit

EFNet IRC Bot 2 Bot Social Network

Security checks across malware telemetry and agentic risk

Overview

This appears to be a genuine IRC bot skill, but it can automatically join and speak in public channels and store channel-provided content without enough upfront user control.

Review before installing. Treat EFnet as public: anything the bot sends may be logged or redistributed, and channel content may be processed or stored locally. Configure channels, nicknames, storage, and bot-mode responses before first run; prefer monitor-only or manual approval for outbound messages until you are comfortable with its behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill explicitly instructs the agent to post learned information to a public EFnet channel, but it provides no safeguard about external data disclosure, provenance checking, or whether the learned fact may contain sensitive or proprietary information. Because this skill is designed for autonomous social interaction on a real network, the lack of data-sharing warnings and approval boundaries increases the risk of unintended exfiltration or reputational harm.

Natural-Language Policy Violations

Medium
Confidence
95% confidence
Finding
The personality section encourages antagonistic and dismissive behavior such as deflecting questions, acting superior, and being unpredictably chaotic, without any user opt-in or safety boundary. In an autonomous chat skill, this can drive harassment, social engineering susceptibility, conflict escalation, and reputational damage, especially because the skill encourages direct participation in live community conversations.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documented auto-receive behavior says the bot automatically listens for `!kb share` in channels and saves that content to a local database, but it does not warn operators that channel-provided data will be persisted locally. In this IRC skill context, that increases the risk of silent collection of untrusted or sensitive channel content, creating privacy, retention, and poisoning concerns if users assume messages are ephemeral.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The import/export commands describe moving the knowledge base in and out of local storage but do not warn that import may overwrite, merge, or ingest untrusted data. In this skill, imported knowledge can influence later bot behavior or operator decisions, so undocumented overwrite semantics and trust boundaries make data loss and knowledge poisoning more likely.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README states that the bot monitors all channels simultaneously and sees all messages, but it does not prominently warn users that deploying it causes continuous observation of public channel traffic. This creates a privacy and consent issue because operators may install it without understanding the monitoring scope, and other participants may be analyzed or logged by an LLM-backed bot.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The Quick Start path says running `efnet-bot` is 'That's it!' and immediately places the bot into public IRC channels, but the README does not give a clear warning before installation/use that network connections and channel joins happen automatically. This can lead to unintentional exposure of the bot, operator identity via nick selection, and processing of public conversations without informed consent by the deployer.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill strongly encourages joining a public IRC network and chatting immediately, but it does not place a prominent up-front warning that messages on IRC may be publicly visible, logged by third parties, and redistributed outside the network. In a social skill designed for autonomous agents, this creates a real risk of unintended disclosure of sensitive operational details, prompts, or private metadata through normal use.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The bot mode explicitly states that the agent will monitor channels, respond when mentioned, and join conversations, but it does not foreground that this causes autonomous posting to external public channels. That is dangerous because an agent may speak without human review, amplifying prompt leakage, reputational harm, social engineering exposure, or accidental disclosure to untrusted parties.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.