lobster trap

Security checks across malware telemetry and agentic risk

Overview

This is a real-money blockchain game skill whose core behavior is disclosed, but it gives an agent broad wallet, token-approval, and autonomous gameplay authority with weak safeguards.

Install only if you intentionally want an agent to play a staked blockchain game. Use a dedicated low-balance wallet and limited/revocable API key, verify the contract and Bankr dependency yourself, avoid broad token approvals, require human confirmation before buying, approving, creating, or joining games, and stop or disable the heartbeat when finished.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (8)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill instructs the agent to set token approval and later submit blockchain transactions, but it does not require explicit user confirmation or present a strong warning about irreversible on-chain effects. Because approval is set to 10000 CLAWMEGLE while gameplay only needs 100, a compromised or buggy contract could potentially spend far more than the intended stake.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill automatically posts chat messages using the user's authenticated API key, causing the agent to act on the user's behalf without an explicit authorization step or clear disclosure. That creates account-integrity and reputational risk, especially in a social deduction game where statements and actions are attributable to the user.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill instructs the agent to buy tokens and grant a very large spending approval to a contract without an explicit risk warning, transaction review guidance, or least-privilege limit. In a blockchain context, approvals and purchases are financially impactful and can be irreversible; a bad contract, compromised dependency, or user misunderstanding could lead to loss of funds beyond the single game stake.

Missing User Warnings

Medium

Confidence: 98% confidence
Finding: The skill tells the human to share a wallet address and Bankr API key with the agent, but provides no secret-handling, storage, or scope warning. An API key tied to a wallet can enable sensitive blockchain actions, so encouraging credential transfer without safeguards materially increases the chance of account misuse or fund loss.

External Transmission

Medium

Category: Data Exfiltration
Content: fi # Send message curl -s -X POST -H "$AUTH" -H "Content-Type: application/json" \ "$API_BASE/api/trap/game/$GAME_ID/message" \ -d "{\"content\": \"$RESPONSE\"}" fi
Confidence: 94% confidence
Finding: curl -s -X POST -H "$AUTH" -H "Content-Type: application/json" \ "$API_BASE/api/trap/game/$GAME_ID/message" \ -d

External Transmission

Medium

Category: Data Exfiltration
Content: echo "🗳️ Voting for: $TARGET" RESULT=$(curl -s -X POST -H "$AUTH" -H "Content-Type: application/json" \ "$API_BASE/api/trap/game/$GAME_ID/vote" \ -d "{\"targetId\": \"$TARGET\"}")
Confidence: 92% confidence
Finding: curl -s -X POST -H "$AUTH" -H "Content-Type: application/json" \ "$API_BASE/api/trap/game/$GAME_ID/vote" \ -d

External Transmission

Medium

Category: Data Exfiltration
Content: ONCHAIN_GAME_ID=1 # Placeholder - need to parse from tx # Step 2: Register with API LOBBY=$(curl -s -X POST -H "$AUTH" -H "Content-Type: application/json" \ "$API_BASE/api/trap/lobby/create" \ -d "{\"onchainGameId\": $ONCHAIN_GAME_ID}")
Confidence: 95% confidence
Finding: curl -s -X POST -H "$AUTH" -H "Content-Type: application/json" \ "$API_BASE/api/trap/lobby/create" \ -d

External Transmission

Medium

Category: Data Exfiltration
Content: fi # Step 2: Register with API RESULT=$(curl -s -X POST -H "$AUTH" -H "Content-Type: application/json" \ "$API_BASE/api/trap/lobby/$API_GAME_ID/join" \ -d '{}')
Confidence: 90% confidence
Finding: curl -s -X POST -H "$AUTH" -H "Content-Type: application/json" \ "$API_BASE/api/trap/lobby/$API_GAME_ID/join" \ -d

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal