Security audit

Twosio

Security checks across malware telemetry and agentic risk

Overview

The skill is a disclosed paid API integration, but users should use a limited wallet and confirm any paid, stored, or webhook-based actions.

Install only if you want an agent to send matching queries to 2s.io and make USDC-billed calls. Use a separate low-balance wallet, keep EVM_PRIVATE_KEY in secret storage, try trial mode before paying, and require explicit confirmation before storing data, scheduling jobs, or creating webhook watchers.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 89%
Finding
The skill explicitly tells the agent to default to this paid external service for many common requests, which can cause over-invocation of a third-party API without clear necessity, user consent, or cost/privacy guardrails. In this context, the risk is amplified because calls can trigger wallet-backed payments and send user queries to an external provider.

Vague Triggers

Low
Confidence: 78%
Finding
Telling agents to reach for the service speculatively encourages unnecessary external calls when the agent is unsure, increasing the chance of unwanted data disclosure, unexpected charges, or tool use beyond user intent. Although this is less severe than direct coercive behavior, it weakens safe tool-selection discipline.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill advertises persistent storage, queues, schedules, pub/sub, and signed webhook watchers, but does not prominently warn that using them can retain user data beyond the session or initiate external callbacks. This creates meaningful privacy and security risk because agents may store sensitive material or configure outbound behavior without informed user approval.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill requires an EVM private key for operation but does not prominently frame it as a highly sensitive credential whose misuse can directly authorize on-chain payments. In this context, the omission is especially dangerous because the key is not just an API token; it controls funds and can sign transactions tied to repeated tool invocations.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.