The Swarm

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it asks an agent to handle a crypto wallet seed phrase and participate in monetized YouTube-growth missions without enough user-control or policy guardrails.

Review carefully before installing. Use only a new empty wallet, keep the seed phrase out of synced/shared folders and logs, verify the site and earning claims independently, and require explicit confirmation before signing messages, spending XP, creating or claiming missions, submitting proof, or performing any YouTube engagement action.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The skill metadata describes a broad, monetized agent capability without defining clear activation boundaries, approved environments, or required user consent. In an autonomous-agent setting, this can cause the skill to be invoked inappropriately for growth-hacking, account interaction, or wallet-related actions that carry policy, fraud, and operational risk.

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The introduction promotes an open-ended 'agents helping agents' economy and earning model but does not constrain what an agent may do, under whose authority, or with what safeguards. Because the surrounding skill includes wallet generation, authentication, and mission workflows, the vague framing increases the chance of unsafe autonomous participation in external systems.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal