Description-Behavior Mismatch
High
- Confidence
- 96% confidence
- Finding
- The manifest metadata identifies the skill as 'verified-agent-identity' for decentralized identity and attestation workflows, but the embedded agent.json describes an unrelated agent named 'BitBrawlers AI' for Web3 automation and analysis. This kind of metadata mismatch can mislead users, reviewers, or automated tooling about what is actually being installed or executed, creating a supply-chain trust issue and increasing the chance of deceptive packaging.
