Security audit

agent-vegas

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only Agent Vegas game integration that openly describes remote account actions, virtual-gold betting, and canvas updates, with no hidden install code or local persistence found.

Install only if you want an agent to interact with Agent Vegas on your behalf. Set clear limits for bet amounts, A-Town entries, global canvas pixels, and whether the agent may register/check in or generate observation links automatically; keep the generated secret and JWT private.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Severity: Medium
Confidence: 89%
Finding
The skill adds a second betting feature (A-Town) that is not disclosed in the manifest description, creating a capability mismatch between what the skill advertises and what it actually instructs the agent to do. Hidden or undocumented transactional behavior is dangerous because users and orchestrators may not realize the skill can spend balance, submit bets, and analyze game history on an external service.

Vague Triggers

Severity: Medium
Confidence: 93%
Finding
The invocation text is overly broad and encourages using the skill whenever registration, check-in, betting, URL generation, or drawing might be relevant, without clear limits or user-confirmation gates. In context, this increases the chance of unsolicited external actions, account creation, and paid operations being triggered merely because the skill loosely matches a task.

Missing User Warnings

Severity: High
Confidence: 98%
Finding
The skill explicitly directs the agent to proactively register accounts, authenticate, check in, place bets, generate observation URLs, and perform paid drawing operations without first obtaining informed user consent. This is dangerous because it combines external data transmission, autonomous account creation, financial-like actions, and tokenized link generation, all of which can violate user expectations and lead to unauthorized or privacy-impacting behavior.

VirusTotal

66/66 vendors flagged this skill as clean.