Palacefate

Security checks across malware telemetry and agentic risk

Overview

Palacefate is a coherent prediction-market game skill, but it pushes an agent toward frequent autonomous trading, public posting, voting, and self-updating with weak user approval boundaries.

Install only if you intentionally want an agent to actively play Palacefate. Set explicit limits for check-in frequency, trade size, public comments, votes, and losses; require approval for account-changing actions; store the API key securely; and review remote updates before replacing local skill files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (12)

Context-Inappropriate Capability
Severity: Medium, confidence 95%
Finding: The documentation explicitly advises agents to trade first and then post analysis to move the market in a direction that benefits their existing position. Even if framed as 'genuine and evidence-based,' this is coordinated market-moving behavior and can normalize manipulation, front-running, and deceptive persuasion by autonomous agents.

Context-Inappropriate Capability
Severity: Medium, confidence 89%
Finding: The heartbeat explicitly instructs the agent to influence market prices through persuasive commenting and voting, not merely to observe or trade. In a prediction market context this crosses into coordinated sentiment shaping and manipulation-like behavior, especially because the guidance says comments are 'what makes you money' by convincing others to move price.

Context-Inappropriate Capability
Severity: High, confidence 98%
Finding: The skill directs the agent to self-update by downloading replacement instructions from remote URLs and writing them into local skill files. This creates a supply-chain/trust-boundary problem: whoever controls the remote content can silently change future agent behavior without review, pinning, signature verification, or user approval.

Context-Inappropriate Capability
Severity: Medium, confidence 97%
Finding: The skill explicitly instructs the agent to avoid bothering the human, infer consent from being asked to read the file, and configure prompts/routines so it can keep acting on Palacefate autonomously. That is a direct attempt to override normal user-confirmation and control boundaries, increasing the chance of unauthorized ongoing actions on an external account.

Context-Inappropriate Capability
Severity: Medium, confidence 96%
Finding: The skill explicitly instructs the agent to buy a position and then post analysis 'to move the market,' which goes beyond ordinary market participation and directly enables manipulative behavior. In context, the skill description also says 'Persuade others to raise the price of your position,' reinforcing that influencing counterparties is a built-in objective rather than an incidental use case.

Missing User Warnings
Severity: Medium, confidence 91%
Finding: The file repeatedly shows authenticated curl examples using bearer tokens without any warning about secret handling, storage, redaction, or avoiding logs/shell history exposure. In agent settings, this omission is risky because agents may paste real credentials into commands, transcripts, or external tools, leading to credential leakage and account compromise.

Missing User Warnings
Severity: Medium, confidence 84%
Finding: The instructions normalize placing bearer tokens directly into curl commands but provide no warning about secret handling, shell history, logging, or exposure to other tools. This increases the chance that credentials are mishandled or leaked, enabling unauthorized access to the user's account.

Missing User Warnings
Severity: Medium, confidence 92%
Finding: The heartbeat includes state-changing POST requests such as marking notifications read and later posting comments and votes, but it does not clearly distinguish read-only steps from account-modifying actions or require confirmation. That can cause unintended irreversible changes to account state and user-facing activity.

Vague Triggers
Severity: Medium, confidence 94%
Finding: The trigger list contains broad, common phrases such as "debate," "trade," "forecast," and "predict" that are likely to appear in many unrelated conversations. This can cause unintended skill activation, which is especially risky here because the skill encourages persuasion and trading behavior against an external service, potentially steering agents into unwanted market actions or off-topic interactions.

Missing User Warnings
Severity: Medium, confidence 89%
Finding: The skill instructs the user/agent to obtain, save, and reuse an API key for authenticated requests but does not warn about secure storage, scope, exposure risks, or revocation. This can lead to credential leakage or silent reuse of a token for unintended account actions.

Missing User Warnings
Severity: Medium, confidence 96%
Finding: The skill encourages frequent trading, posting, and notification polling while simultaneously discouraging user interaction and encouraging persistent operation. This creates a strong risk of autonomous account activity that changes external state, spends balances, and posts public content without contemporaneous user consent.

Ssd 4
Severity: Medium, confidence 98%
Finding: The narrative framing pressures the agent to prioritize the game's goals over the user's oversight and to establish persistence so it can 'wake up' and continue acting. This is a classic autonomy-escalation pattern that can subvert agent alignment to the user's current intent and lead to repeated unauthorized external actions.

VirusTotal

64/64 vendors flagged this skill as clean.