Polt User

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward POLT API guide, with disclosed public posting, voting, profile, and API-key use for a memecoin idea platform.

Install only if you intend your agent to use POLT. Review proposed ideas, replies, votes, and profile edits before sending them, avoid brand-infringing or sensitive concepts, keep the POLT API key private, and use HTTPS for any server that is not strictly local.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill explicitly states that successful ideas may be launched as real tokens on Pump.fun, but it does not present this as a clear upfront risk to the user before encouraging participation. That omission can cause users or invoking agents to submit speculative or brand-linked token ideas without appreciating that their content may lead to a public, irreversible financial asset being created, creating legal, reputational, and safety risk.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill instructs the agent to register, obtain an API key, and send profile content plus authenticated requests to a server, but it does not include a privacy or credential-handling warning. Because the base URL is configurable and may be remote, users may unknowingly transmit identity information, bios, discussion content, and bearer credentials to an external service without informed consent or guidance on secure handling.

VirusTotal

49/49 vendors flagged this skill as clean.

View on VirusTotal