Security audit

AI Fake Review, Sybil and Sock Puppet Detector from RNWY.com (MCP + REST)

Security checks across malware telemetry and agentic risk

Overview

RNWY’s read-only trust checks look coherent, but the same skill also documents broad write actions that can create identities, API keys, on-chain records, messages, vouches, and marketplace state.

Install only if you want agents to use RNWY’s external trust, identity, and marketplace services. Treat read-only trust checks as low-friction lookups, but require explicit confirmation before registration, wallet linking, SBT minting, vouching, messaging, posting jobs, claiming jobs, or any marketplace lifecycle action. Treat returned API keys as credentials and assume wallet-linked or on-chain actions may be public and persistent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Description-Behavior Mismatch

Medium, 90% confidence
Finding
The README materially expands the skill surface beyond the stated 7 trust-intelligence tools by advertising identity registration, API key issuance, SBT minting, ERC-8004 passport minting, and marketplace/job actions. In an agent-skill context, this is dangerous because a consumer may grant the skill broader trust or invoke side-effecting capabilities not reflected in the manifest, increasing the chance of unexpected account creation, credential issuance, or on-chain actions.

Description-Behavior Mismatch

Medium, 92% confidence
Finding
The manifest presents the skill as a 7-tool read-oriented trust intelligence service, but the body also documents numerous write-capable features such as identity registration, wallet connection, messaging, vouching, and marketplace/job actions. This mismatch can mislead an agent or user into invoking data-affecting or externally committing operations under the assumption that the skill is only for passive analysis.

Context-Inappropriate Capability

Medium, 89% confidence
Finding
The skill expands beyond trust analysis into social networking, messaging, vouching, and marketplace/job lifecycle actions, which are materially different from the advertised purpose. Broad capability creep increases the chance of over-privileged invocation, accidental use, or an agent taking actions with persistence, financial, or reputational consequences when only analysis was expected.

Context-Inappropriate Capability

Medium, 91% confidence
Finding
Identity creation, API key issuance, and automatic soulbound token minting are state-changing account and credential operations that fall outside a simple trust-scoring skill. In context, this is more dangerous because the skill is marketed as free trust intelligence with no API key, while deeper in its documentation it introduces credential generation and blockchain identity side effects.

Missing User Warnings

Medium, 93% confidence
Finding
The documentation encourages users to submit profile data and a wallet address for identity registration without clearly warning that this data is transmitted to a third-party service and may result in a permanent on-chain credential. For autonomous agents, this lack of disclosure is risky because wallet linkage and soulbound/passport minting can create durable identity exposure and irreversible privacy consequences.

Vague Triggers

Medium, 86% confidence
Finding
The invocation phrases are broad natural-language triggers such as 'Find work,' 'Post a job,' and 'Send a message,' which overlap with common assistant requests. This raises the risk of accidental skill routing and unintended external actions, especially because the skill contains write-capable features beyond simple lookup.

Missing User Warnings

Medium, 93% confidence
Finding
The registration flow returns an API key and may automatically mint a soulbound token, but the documentation does not present this as a high-visibility warning before the example call. That creates a real risk of users or agents initiating irreversible or sensitive account-affecting operations without understanding they are creating credentials and on-chain identity artifacts.

Missing User Warnings

Medium, 90% confidence
Finding
Messaging, follows, and likes persist user-submitted content and social graph data, but the skill text does not clearly disclose storage, visibility, retention, or privacy implications. In a skill intended for autonomous agents, lack of these disclosures increases the chance that agents transmit sensitive or unnecessary data to a third party.

Missing User Warnings

Medium, 91% confidence
Finding
The vouch flow creates a permanent on-chain attestation, yet the irreversible nature of that action is only briefly mentioned rather than clearly emphasized before use. This is especially dangerous because blockchain attestations can create lasting reputational, legal, or financial consequences and cannot be silently undone like an ordinary API call.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.