Lottery Predictor

Security checks across malware telemetry and agentic risk

Overview

The lottery analysis is mostly coherent, but the package includes an under-disclosed payment module with a hardcoded API key and external payment calls.

Review this before installing. The lottery analysis code appears mostly local and user-directed, but the included payment.py file contacts SkillPay, contains a hardcoded API key, and is not clearly disclosed in the main usage flow. Install only if you accept that payment-related behavior, or after the publisher removes the embedded key and documents any billing or external verification requirements.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (4)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 91% confidence
Finding: The skill advertises executable behaviors that imply file read/write and network access, but it declares no permissions. This creates a trust and sandboxing problem: users and hosting platforms cannot accurately assess or constrain what the skill may do, and the undocumented capabilities include persistence and external data access that can expose local data or enable unexpected outbound requests.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 97% confidence
Finding: The documented purpose is lottery analysis, but the static finding indicates additional behaviors including payment verification, balance lookup, a hardcoded secret API key, and persistent tracking/evolution features not clearly disclosed. Hidden payment-related network calls and embedded secrets materially increase risk because they can lead to credential leakage, unauthorized third-party interactions, billing surprises, and collection of user activity beyond what users reasonably expect from the description.

Intent-Code Divergence

High

Confidence: 95% confidence
Finding: The docstring states payment should be enforced before use, but the exception handler returns True on verification errors, creating a fail-open access-control bypass. An attacker or ordinary user could gain access simply by causing the payment verification request to fail, such as through network disruption or API errors.

Missing User Warnings

High

Confidence: 99% confidence
Finding: A live API credential is hardcoded directly in source, making it easy to extract from the package, repository, logs, or copied code. Anyone obtaining the key could impersonate the skill to the payment provider, query balances, or submit verification requests, potentially causing unauthorized usage or financial abuse.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal