Funpay Assistant

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims, but it ships an embedded FunPay credential, bundled private chat history, and broad automatic customer messaging that needs human review before use.

Do not run this as-is. Remove and rotate the embedded FunPay key, delete the bundled state.json chat history, declare and verify dependencies, and require explicit operator approval before sending customer-facing replies or asking buyers to allow account access.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill explicitly documents sending Telegram notifications about account-login consent and forwarding unrecognized chat messages to the owner, but provides no notice about what user data is transmitted, to whom, or under what conditions. This creates a real privacy and data-handling risk because customer communications may be exfiltrated to external channels without informed consent or clear retention boundaries.

Missing User Warnings

High

Confidence: 99% confidence
Finding: A hardcoded API credential is a real secret-management vulnerability. Anyone with access to the source, logs, backups, or repository can reuse the token to access the FunPay account/API, enabling impersonation, message sending, data access, and persistent account compromise.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal