FeliciaOS Community Audit

Security checks across malware telemetry and agentic risk

Overview

This is a narrow Web3 community-audit skill with a disclosed Groq API key requirement and no executable code or hidden behavior found.

Install this only if you are comfortable providing a Groq API key and using it for Web3 or crypto community planning. Avoid sharing private community data, unreleased business plans, or sensitive project details unless you are comfortable sending that information to the configured inference provider.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The usage triggers are generic requests like 'Audit my Web3 community' and 'Give me a 30-day growth plan for my crypto project,' which can easily overlap with ordinary user intent rather than a clearly scoped invocation. This creates a prompt-routing risk where the skill may activate unexpectedly for broad advisory requests, causing unintended disclosure of project analysis, external API usage, or skill behavior in contexts where the user did not explicitly request this specialized audit.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal