Security audit

Pg Buy

Security checks across malware telemetry and agentic risk

Overview

This skill is a real ProxyGate buyer guide, but it gives an agent broad financial and third-party API authority without enough scoping or confirmation safeguards.

Install only if you specifically want to use ProxyGate. Require explicit approval before every deposit, withdrawal, paid proxy request, seller rating, listing change, tunnel exposure, or job marketplace action; use a low-balance wallet or limited API key; and avoid sending secrets, personal data, or proprietary payloads through proxy requests unless you intentionally trust the selected service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Severity: Medium
Confidence: 91%
Finding
The skill is described as buyer-focused, but the reference includes seller administration, tunnel/development, and job marketplace commands that materially expand what an agent could be induced to do. This scope mismatch is dangerous because an LLM using the reference may execute higher-risk operational or destructive actions such as deleting listings, rotating keys, exposing services, or accepting marketplace jobs that the user did not intend.

Vague Triggers

Severity: Medium
Confidence: 95%
Finding
The skill’s invocation guidance is excessively broad, explicitly instructing use whenever a user mentions generic phrases like 'make an API call', 'find an API', or 'search APIs'. That can cause the agent to route many ordinary API-related requests into a financially sensitive ProxyGate workflow, increasing the chance of unnecessary fund movement, unintended third-party calls, or use of a marketplace the user did not request.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The skill includes direct instructions for depositing and later withdrawing USDC, but it does not require an explicit confirmation step or warn that these actions move real funds. In an agent setting, this omission is dangerous because generic task execution could trigger irreversible wallet transactions or spending without sufficiently informed user consent.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The command reference documents state-changing, destructive, and privacy-impacting actions such as logout --all, withdraw, listings delete, rotate-key, tunnel exposure, and marketplace acceptance/cancellation without any warnings, confirmation guidance, or least-privilege constraints. In an agent setting, this increases the chance of unsafe automation or prompt-induced misuse because the file presents risky commands as routine equivalents to safe read-only operations.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.