Security audit

58区块同城

Security checks across malware telemetry and agentic risk

Overview

The skill is a disclosed blockchain/NFT city helper, but it includes wallet-linked purchase, trading, and governance actions without clear safeguards or scoping.

Review before installing. Use it as read-only unless the agent clearly shows every external request, wallet connection, purchase, trade, vote, and local file access, and you explicitly approve the exact action and amount.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (5)

Vague Triggers

Medium
Confidence: 88%
Finding
The trigger phrase for city-detail lookup is very broad and resembles normal user conversation, which increases the chance of accidental invocation or misrouting of unrelated requests into this skill. In an agent environment, overly generic triggers can cause the skill to activate unexpectedly and fetch external data when the user did not clearly intend to use this capability.

Missing User Warnings

Medium
Confidence: 84%
Finding
The README promotes browsing and purchasing NFT avatars without clearly warning about financial risk, irreversible blockchain transactions, wallet usage, fraud exposure, or fees. In a skill that may influence user actions involving digital assets, missing transaction-risk disclosures can lead users to make unsafe financial decisions or misunderstand the consequences of purchase flows.

Vague Triggers

Medium
Confidence: 87%
Finding
The skill’s activation criteria are broad and loosely defined, covering multiple domains such as city information, NFT activity, and blockchain participation without clear guardrails on when the agent should invoke it. This increases the chance of overbroad activation and unintended execution of networked or transactional workflows in response to ambiguous user requests.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill describes NFT purchasing, trading, voting, governance, and account-dependent actions without prominent warnings about financial risk, irreversible transactions, wallet use, or the need for explicit user consent. In an agent setting, this can lead users toward high-risk financial or account actions without adequate disclosure or confirmation safeguards.

Missing User Warnings

Low
Confidence: 84%
Finding
The skill instructs the agent to fetch data from external domains based on user queries but does not disclose that user requests or derived location interests may be sent to third-party services. This creates a privacy and transparency issue because users may not realize their queries trigger outbound network requests to external infrastructure.

VirusTotal

65/65 vendors flagged this skill as clean.
