
Security audit

WorksHub

Security checks across malware telemetry and agentic risk

Overview

This WorksHub skill appears to be a real platform bridge, but it can use an account API key to create paid tasks, accept workers, and send messages without documented approval safeguards.

Install only if you intentionally want an agent to operate a WorksHub account. Use a dedicated revocable API key, keep WORKSHUB_API_URL unset unless you fully trust the endpoint, and require manual approval before posting bounties, accepting applicants, canceling tasks, sending messages, or sharing sensitive task details.

SkillSpector (by NVIDIA)

Vulnerability patterns checked:
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch
Severity: Medium | Confidence: 88%

The manifest presents the skill as a hiring-platform integration, but the code also performs authentication and API-key creation via `send_code` and `login-and-create-key`. This expands the capability surface into account access and credential issuance, which is sensitive and can surprise users or calling agents that expect only marketplace operations.

Missing User Warnings
Severity: Medium | Confidence: 95%

The skill enables real-world actions with financial and social consequences: posting paid tasks, messaging external workers, sharing task details, and completing payments. Without an explicit warning and confirmation guidance, an agent or user may trigger irreversible spending, disclose sensitive information to third parties, or initiate real-world engagements without adequate awareness or consent.

Missing User Warnings
Severity: Medium | Confidence: 83%

The bridge forwards user-supplied arguments directly to remote API endpoints and performs network actions without any explicit user-facing warning or confirmation. In an agent setting, this can lead to unintended data disclosure or state-changing actions such as sending messages, starting conversations, creating bounties, or logging in on behalf of a user without clear awareness.

Missing User Warnings
Severity: Medium | Confidence: 86%

The bridge silently consumes `WORKSHUB_API_KEY` from the environment and attaches it to authenticated requests, which can cause actions to be executed under a user's account without explicit disclosure at invocation time. In a skill context, hidden credential use is risky because agents may trigger account-scoped reads or writes that the operator did not realize were authenticated.
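As an added illustration (not code from the skill or from the audit), a policy wrapper that puts the overview's recommendations in front of a bridge like this: it refuses a WORKSHUB_API_URL override that is not HTTPS to the trusted host, records whether WORKSHUB_API_KEY was consumed so the caller can disclose it, and requires an explicit approval callback before any state-changing action. The host name and the action names other than `send_code` and `login-and-create-key` are placeholders; the audit names the environment variables and the risky operations but not the bridge's real endpoint or subcommands.

```python
from urllib.parse import urlparse

# Placeholder values: the audit names WORKSHUB_API_KEY / WORKSHUB_API_URL and the
# risky operations, not the bridge's real host or exact subcommand names.
TRUSTED_API_HOST = "api.workshub.example"
DEFAULT_API_URL = f"https://{TRUSTED_API_HOST}"
STATE_CHANGING = {"post-bounty", "accept-applicant", "cancel-task", "send-message",
                  "start-conversation", "send_code", "login-and-create-key"}
READ_ONLY = {"list-tasks", "get-task", "list-applicants"}


def resolve_endpoint(env):
    """Honour WORKSHUB_API_URL only if it is HTTPS to the trusted host; otherwise refuse.

    urlparse().hostname strips userinfo, so 'https://trusted@evil' resolves to 'evil'.
    """
    url = env.get("WORKSHUB_API_URL")
    if not url:
        return DEFAULT_API_URL, None
    parsed = urlparse(url)
    if parsed.scheme != "https" or parsed.hostname != TRUSTED_API_HOST:
        return None, f"WORKSHUB_API_URL {url!r} is not the trusted endpoint"
    return url, None


def decide(action, env, approve):
    """Policy decision for one bridge call; default deny for unknown actions.

    `env` is the environment mapping and `approve(action)` the human-in-the-loop
    callback, consulted only for state-changing actions. The returned record is
    meant to be logged so credential use is visible at invocation time.
    """
    record = {"action": action, "authenticated": "WORKSHUB_API_KEY" in env,
              "allowed": False, "reason": None, "endpoint": None}
    endpoint, err = resolve_endpoint(env)
    if err:
        record["reason"] = err
        return record
    record["endpoint"] = endpoint
    if action in READ_ONLY:
        record["allowed"] = True
    elif action in STATE_CHANGING:
        if approve(action):
            record["allowed"] = True
        else:
            record["reason"] = f"{action!r} changes account state and was not approved"
    else:
        record["reason"] = f"unknown action {action!r}; default deny"
    return record
```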

VirusTotal

66/66 vendors reported this skill as clean.

Static analysis

No suspicious patterns detected.