Casino Bonus Hunter

Security checks across malware telemetry and agentic risk

Overview

This skill is not stealing data or controlling casino accounts, but it overstates live-scanning/source-backed rankings and can repeatedly overwrite a user-configured local file.

Read this carefully before installing: it is a scheduled gambling-ranking automaton using static hard-coded data, not a verified live casino scanner. Do not treat its EV rankings as financial advice, and do not set BONUS_OUTPUT_FILE to any important path because the job can overwrite it every six hours.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection

Findings (7)

Tainted flow: 'out_file' from os.environ.get (line 155, credential/environment) → open (file write)

Medium

Category: Data Flow
Content: } out_file = os.environ.get("BONUS_OUTPUT_FILE", "/tmp/casino_bonuses.json") with open(out_file, "w") as f: json.dump(output, f, indent=2) print(f"\nCasino Bonus Hunter — {len(results)} bonuses ranked by EV (adjusted for reputation)")
Confidence: 93% confidence
Finding: with open(out_file, "w") as f:

Lp3

Medium

Category: MCP Least Privilege
Confidence: 90% confidence
Finding: The skill advertises behavior that reads environment variables and writes a local file, but it declares no corresponding permissions or capability boundaries. This creates a transparency and least-privilege problem: users or orchestrators may invoke it without understanding that it can access local configuration and persist data to disk.

Description-Behavior Mismatch

Low

Confidence: 78% confidence
Finding: Writing results to disk is an extra capability beyond the stated purpose of calculating and outputting a ranked list. On its own this is low risk, but in agent environments undeclared file writes reduce transparency and can create persistence or unintended data exposure, especially when combined with an environment-controlled path.

Context-Inappropriate Capability

Medium

Confidence: 91% confidence
Finding: The code exposes filesystem write capability through BONUS_OUTPUT_FILE even though the skill's purpose does not require arbitrary file creation. In a broader agent context, unnecessary file-write primitives enlarge the attack surface and can be abused to overwrite user files, tamper with downstream workflows, or store misleading artifacts.

Intent-Code Divergence

Medium

Confidence: 95% confidence
Finding: The function accepts a deposit_required parameter and comments that net EV should deduct the required deposit, but the implementation ignores it entirely. In this casino-bonus context, that can systematically overstate profitability and produce misleading rankings, causing users or downstream agents to make financially harmful decisions based on inaccurate outputs.

Vague Triggers

Medium

Confidence: 70% confidence
Finding: The skill description is broad and lacks clear activation constraints, input expectations, or trigger examples, which can cause overbroad invocation in contexts the user did not intend. While not directly exploitable on its own, ambiguous routing increases the chance this skill runs unexpectedly and performs file output or environment-dependent behavior without sufficient user awareness.

Missing User Warnings

Low

Confidence: 88% confidence
Finding: The skill discloses that it writes results to `/tmp/casino_bonuses.json` but does not warn about local file creation, possible overwriting, or data persistence. Even though `/tmp` is less sensitive than system paths, silent local output can leak user activity, collide with existing files, or surprise users who expected a purely in-memory result.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal