Back to skill

Security audit

Hashmob Skill

Security checks across malware telemetry and agentic risk

Overview

This is a real HashMob API reference skill, but it gives an agent broad account, spending, withdrawal, attack-management, and destructive API authority with incomplete point-of-use safeguards.

Install only if you intend to let an agent operate a HashMob account. Prefer a dedicated low-value account, do not expose your main API key, and require explicit approval before any delete, paid search, purchase, withdrawal, attack creation, submission, or account-changing operation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The description does not disclose that the skill can create and perform cracking attacks through HashMob attack endpoints. In context, that omission is security-relevant because users may authorize a generic 'interaction' skill without realizing it can drive offensive password-cracking workflows or submit attack progress to a third-party service.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The description does not disclose that the skill can create and perform cracking attacks through HashMob attack endpoints. In context, that omission is security-relevant because users may authorize a generic 'interaction' skill without realizing it can drive offensive password-cracking workflows or submit attack progress to a third-party service.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The skill explicitly tells the agent to retrieve an API key from an environment variable, and the same document states that this key enables broad account access including paid searches, purchases, withdrawals, and account management. Even without explicit exfiltration, encouraging automatic credential use materially increases the risk of unauthorized or accidental high-impact actions.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The documentation claims that destructive hashlist deletion and even hard-delete endpoints require no API key. If accurate, this would permit unauthorized deletion of resources; if inaccurate, it is still dangerous because it may cause an agent to attempt destructive operations without authentication or proper user approval.

Intent-Code Divergence

Medium
Confidence
89% confidence
Finding
The documentation labels notification listing and mark-as-read endpoints as requiring no API key, even though they are inherently user-specific actions. If true, this exposes private account state and allows unauthorized state changes; if false, the misleading docs still normalize unauthenticated access to account-scoped operations.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The bulk of the document provides copyable examples for sensitive actions such as purchases, withdrawals, paid searches, submissions, profile updates, and attack operations, but it does not consistently require per-action confirmation or restate the risks at each dangerous endpoint. In an agent setting, this makes accidental execution of costly or irreversible actions more likely, especially because the examples are presented in the same style as harmless read-only calls.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.