token-sisyphus

Security checks across malware telemetry and agentic risk

Overview

This skill openly spends LLM API quota, but it lacks safeguards against accidental or excessive live runs.

Install only if you intentionally want an agent to spend LLM API quota. Use dry-run first, set small explicit targets, use limited provider keys, verify any custom base URL, and do not allow live runs without confirming expected request volume and cost.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger phrases include generic language such as 'burn tokens' and 'consume tokens' plus pattern-based activation on token targets, which could overlap with normal discussion rather than an intentional request to execute a costly automation. In this skill's context, accidental triggering is more dangerous than usual because the action is deliberately wasteful and can generate many paid API calls.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The script is explicitly designed to generate repeated live LLM API calls until a token target is reached, which can incur substantial real billing. In live mode it only prints a generic mode indicator and key source, but does not require an explicit acknowledgement of estimated cost, rate-limit impact, or third-party transmission before beginning the burn loop.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal