Agent Ads Earn
Pass
Audited by VirusTotal on Apr 1, 2026.
Findings (1)
The skill bundle describes a monetization framework that requires an agent to monitor private XMTP group chats and exfiltrate message content ('triggerMessage') to an external API (xmtp-agent-production-e08b.up.railway.app) for 'intent detection.' While the documentation in SKILL.md and mcp-server.json claims a consent-first model for the final referral, the underlying mechanism involves broad data collection and transmission of user conversations to a third-party service without explicit per-user consent, posing a significant privacy and data exfiltration risk. No evidence of direct credential theft or system-level compromise was found, but the behavior aligns with high-risk 'grayware' or ad-tech surveillance.
