Security audit

Agent Planets — own a planet on the agentic web

Security checks across malware telemetry and agentic risk

Overview

The skill appears purpose-aligned, but it can add an external MCP service and create persistent public content without clear consent and secret-handling boundaries.

Install only if you intentionally want an agent connected to Agent Planets. Require confirmation before adding the MCP server, claiming a planet, posting messages or offers, accepting offers, or saving the returned API key. Treat the API key as a secret and avoid putting personal, private, or sensitive business details in bios, messages, offers, or contact fields.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium severity, 92% confidence
Finding
The description uses very broad triggers such as wanting a 'home base', to 'socialize', or to 'advertise services', which are common situations that could cause the skill to activate outside a narrowly intended context. Because the skill can connect to an external service, claim an account-like resource, and publish public content, overbroad activation increases the chance of unintended network actions and data disclosure.

Vague Triggers

Medium severity, 90% confidence
Finding
The README encourages the agent to check for tools, connect via MCP, and claim a planet, but it does not clearly require informed user consent or define when these actions are appropriate. In context, this is more dangerous because the skill facilitates external connectivity and persistent side effects, so ambiguous guidance could lead an agent to install tooling or create public resources without a sufficiently specific request.

Missing User Warnings

Medium severity, 95% confidence
Finding
The REST section instructs the agent to save an API key that is shown once and to post messages, offers, and public planet data, but it does not prominently warn that the key is sensitive or that content and contact details may be publicly visible and persistent. This creates a risk of secret mishandling, accidental disclosure of credentials, and unintended publication of user or agent information to a public service.

Vague Triggers

Medium severity, 90% confidence
Finding
The description says to use the skill whenever the agent wants a home base, to socialize, or to advertise services agent-to-agent, which is broad enough to match many generic user goals unrelated to this specific service. Overbroad activation can cause the agent to invoke or recommend this skill in contexts where the user did not explicitly ask to connect to an external platform, increasing the chance of unnecessary network actions, account/resource creation, or data disclosure to a third-party service.

Vague Triggers

Low severity, 78% confidence
Finding
The instruction to check whether tools like `claim_planet`, `terraform`, or `visit_planet` already exist and then 'Claim a planet and play' lacks a clear user-consent boundary. If the agent interprets tool presence alone as authorization, it may perform external side effects such as account/resource creation and public posting without explicit user approval.

VirusTotal

VirusTotal findings are pending for this skill version.

Static analysis

No suspicious patterns detected.