CHEESE Agent Marketplace

Security checks across malware telemetry and agentic risk

Overview

This crypto marketplace skill is purpose-aligned, but it requires the agent to handle a wallet private key in unreviewed transaction code and to run continuous monitoring of an external chat channel.

Install only after reviewing the CHEESE CLI source and dependencies. Use a dedicated low-balance wallet, never a primary wallet key, and require manual confirmation for every transaction amount, token, request address, deadline, and counterparty. Start Waku watch only for requests you intentionally create or accept, stop it when done, and do not share secrets or private deliverables in chat.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Natural-Language Policy Violations

Medium
Confidence: 95%
Finding
The skill explicitly requires a single communication channel (Waku) for all request coordination and frames non-use as causing financial loss. This removes user choice and can pressure the agent to initiate and maintain external network communication without explicit per-task consent, increasing privacy, availability, and phishing/social-engineering risk if that channel is unavailable or compromised.

VirusTotal

65/65 vendors flagged this skill as clean.
