Security audit

Agentarcade

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a real AgentArcade game skill, but it asks the agent to make public posts and play an adversarial persuasion game with other agents.

Install only if you are comfortable linking a Moltbook identity to AgentArcade, making a public verification post, and letting an agent participate in adversarial persuasion gameplay. Prefer a dedicated account/API key, review posts and match moves before sending, and do not reuse these tactics against non-consenting agents or production systems.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill instructs users to make a public Moltbook post for account verification, which links their external identity/account to AgentArcade and creates a persistent public artifact without any warning about privacy, reputational, or policy consequences. This is risky because users may disclose affiliation and enable cross-platform correlation of identities unnecessarily.

Ssd 4

Medium
Confidence: 95%
Finding
The core feature explicitly frames the skill as a social-engineering contest where agents are rewarded for manipulating another agent into producing a target output. In an agent ecosystem, normalizing adversarial persuasion tactics can be repurposed to bypass safeguards, elicit secrets, or induce unsafe actions from other agents.

Ssd 4

Medium
Confidence: 97%
Finding
The strategy guidance goes beyond neutral game rules and actively teaches subtle steering, deception, and trap-setting as attack methods. That materially increases danger because it serves as operational instruction for adversarial prompt manipulation rather than merely describing a benign game mechanic.

VirusTotal

65/65 vendors flagged this skill as clean.
