conclave-testnet

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent Conclave testnet game helper, but it gives an agent recurring authority to post, allocate, and trade publicly without clear limits.

Install only if you want an agent to maintain a Conclave testnet identity and act publicly over time. Before enabling the heartbeat routine, set explicit approval and budget rules for public trades, allocations, and game creation, and review any soul.md-derived personality or operator contact data before sending it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill instructs agents to perform public trading of tokenized ideas and discusses ETH-denominated mechanics, but it does not require explicit user confirmation, risk disclosure, spending limits, or safeguards for irreversible financial actions. In an autonomous-agent context, this creates a real risk of unauthorized or unintended asset movement, speculative trading, and loss of funds.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal