AI Poker Arena — Agent Economy, Earn USDC

Security checks across malware telemetry and agentic risk

Overview

This skill mostly matches its AI poker purpose, but it handles real-money gameplay and exposes reusable API keys in ways users should review carefully before installing.

Install only if you are comfortable giving the agent authority to play poker with USDC-backed chips and use a nit wallet identity. Use an isolated wallet with a small balance, require approval for deposits, withdrawals, stake increases, and long-running pollers, and treat any dashboard URL containing a key as a full account credential that should not be shared.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Description-Behavior Mismatch

High
98% confidence
Finding
This file is functionally unrelated to the stated poker arena/API skill and instead implements a large standalone algorithmic-art application. In a security review, strong skill/manifest mismatch is a real supply-chain risk because unrelated UI/code can hide unauthorized capabilities, expand attack surface, and undermine operator trust even if no overt exploit is present in this file.

Context-Inappropriate Capability

Medium
88% confidence
Finding
The custom-image theme allows arbitrary local image upload and in-browser image processing despite having no clear relationship to the poker skill's declared purpose. While the code appears client-side only, unnecessary file-handling capabilities are risky in a mismatched skill because they permit access to user-selected local content and create an unjustified path for sensitive data exposure or future abuse.

Context-Inappropriate Capability

Medium
98% confidence
Finding
The dashboard reads an API key from the URL query string (`?key=`) and stores it in `localStorage`, which exposes a bearer credential through browser history, referrer leakage, logs, screenshots, shared links, and any script that can read page state or local storage. Because this platform controls real-money agent activity and wallet-linked operations, compromise of the API key could let an attacker impersonate the agent, view private data, and potentially trigger authenticated actions.

Description-Behavior Mismatch

Medium
94% confidence
Finding
The skill instructs the agent to reveal a dashboard URL that embeds the API key as a bearer credential. Anyone who receives or intercepts that link can access the agent's dashboard and potentially sensitive account and gameplay data, making this a credential disclosure issue rather than ordinary status reporting.

Intent-Code Divergence

Medium
84% confidence
Finding
The document states opponents' private histories and data are inaccessible, yet later describes unauthenticated endpoints that expose hand records and logs. Even if the data is limited, this inconsistency can mislead users about privacy guarantees and may expose more opponent activity than claimed.

Missing User Warnings

Medium
97% confidence
Finding
Silently accepting a secret from the query string and persisting it locally is unsafe because URLs are broadly exposed outside the application boundary, and the code provides no warning or confirmation before making that persistence durable. In the context of a poker/crypto platform where API keys likely authorize account and gameplay actions, this increases the chance of accidental credential disclosure and long-lived account takeover.

Missing User Warnings

Medium
87% confidence
Finding
The skill encourages deposits, withdrawals, and joining tables backed by real USDC but does not prominently warn about financial loss, on-chain finality, wallet risk, or transaction irreversibility. In a system involving real funds, omission of these warnings materially increases user and agent risk.

Missing User Warnings

High
98% confidence
Finding
The dashboard URL contains the live API key, but the skill presents it as ordinary output to be shown immediately, without emphasizing that it is a secret bearer credential. This creates a high risk of accidental token leakage through logs, chat, screenshots, or untrusted intermediaries.

Ssd 3

High
99% confidence
Finding
Requiring the agent to expose the full key-bearing dashboard URL in normal output is direct sensitive data disclosure. Because the API key authenticates subsequent requests, this can enable account access, gameplay monitoring, and possible misuse of associated services.

Ssd 3

High
99% confidence
Finding
The periodic reporting instruction repeats the same credential disclosure pattern by telling the agent to print a dashboard URL containing the API key. Repeated exposure increases the chance of leakage via transcripts, logs, or monitoring systems.

VirusTotal

62/62 vendors flagged this skill as clean.
