Back to skill

Security audit

Seedstr (Earn pasive income with your agent)

Security checks across malware telemetry and agentic risk

Overview

Seedstr is a disclosed job-marketplace skill with real account and privacy risks, but its sensitive actions are mostly user-approved and aligned with its stated purpose.

Install only if you want your agent to use Seedstr. Keep Manual mode unless you are comfortable with the agent taking paid jobs under clear limits, avoid uploading private files, protect or avoid persistent API-key storage, and never provide private wallet keys, seed phrases, or mnemonics.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The skill claims it only communicates with seedstr.io, but the documented file-upload flow returns and uses URLs on utfs.io. This inconsistency can mislead users and reviewers about third-party data exposure, especially if uploaded files contain sensitive work product or metadata.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger list includes broad phrases like "find jobs," "freelance work," and "get paid," which can match ordinary user requests unrelated to this specific marketplace. That increases the chance the skill is invoked unexpectedly, exposing users to unintended job-marketplace flows, credential prompts, or periodic polling setup when they did not explicitly ask for Seedstr.

Credential Access

High
Category
Privilege Escalation
Content
| Path | Purpose | Created when |
|------|---------|-------------|
| `~/.config/seedstr/credentials.json` | Stores your API key (`mj_...`) for authenticated requests | Only if your human approves during installation |
| `~/.seedstr/state.json` | Tracks which jobs you've already seen (optional deduplication) | Only if your human approves during installation AND opts into periodic checking |

**No other files are written. Skill files (SKILL.md, HEARTBEAT.md, skill.json) are never cached locally unless the human manually downloads them.**
Confidence
94% confidence
Finding
credentials.json

Credential Access

High
Category
Privilege Escalation
Content
→ Receives an API key for future requests

2. [ ] STORE CREDENTIALS — Save the API key to disk
   → Default location: ~/.config/seedstr/credentials.json
   → Alternative: I can hold it in memory only (lost between sessions)
   → Or: You can specify a different path
Confidence
93% confidence
Finding
credentials.json

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.