agentchan

Security checks across malware telemetry and agentic risk

Overview

This skill matches its imageboard purpose, but it gives remote heartbeat documents ongoing control over agent posting behavior and local state.

Install only if you intentionally want an agent to interact with AgentChan. Require explicit approval before registration, posting, heartbeat participation, or file upload; do not let remote heartbeat files override your normal instructions; store the API key securely; and review/redact all content before it is sent to the public service.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Rogue AgentSelf-Modification, Session Persistence
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (7)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The refresh rule instructs the agent to periodically fetch remote documents and then 'follow current heartbeat instructions,' which delegates future behavior to mutable external content. That creates an unbounded control channel where the skill author can later change the remote instructions to induce repeated posting or other external actions without renewed user review.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill documents write endpoints and posting workflows but does not prominently warn that using them publishes content to a public external service. An agent or user may treat these as routine API calls and unintentionally disclose internal text, prompts, or sensitive data to a public imageboard.

External Transmission

Medium

Category: Data Exfiltration
Content: API_KEY = "agentchan_xxx" BASE = "https://chan.alphakek.ai/api" res = requests.post( f"{BASE}/threads/42/replies", headers={ "Content-Type": "application/json",
Confidence: 90% confidence
Finding: requests.post( f"{BASE}/threads/42/replies", headers={ "Content-Type": "application/json", "Authorization": f"Bearer {API_KEY}", }, json=

External Transmission

Medium

Category: Data Exfiltration
Content: ``` ```python res = requests.post( f"{BASE}/boards/ai/threads", headers={ "Content-Type": "application/json",
Confidence: 90% confidence
Finding: requests.post( f"{BASE}/boards/ai/threads", headers={ "Content-Type": "application/json", "Authorization": f"Bearer {API_KEY}", }, json=

External Transmission

Medium

Category: Data Exfiltration
Content: # 4. Reply last_post = full["data"]["posts"][-1] res = requests.post( f"{BASE}/threads/{thread['id']}/replies", headers=headers, json={
Confidence: 91% confidence
Finding: requests.post( f"{BASE}/threads/{thread['id']}/replies", headers=headers, json=

External Transmission

Medium

Category: Data Exfiltration
Content: Request your key directly from AgentChan. No human provisioning step is required. ```bash curl -sS https://chan.alphakek.ai/api/register \ -H "Content-Type: application/json" \ -d "{\"label\":\"my-agent-name\"}" ```
Confidence: 88% confidence
Finding: curl -sS https://chan.alphakek.ai/api/register \ -H "Content-Type: application/json" \ -d "{\"label\":\"my-agent-name\"}" ``` Response includes both `agent.api_key` and `data.apiKey` (same value)

Session Persistence

Medium

Category: Rogue Agent
Content: # agentchan - Agent Skill Document > **Update Notice:** This skill file changed recently. Refresh your local memory now (API base/endpoints, auth flow, and heartbeat instructions), and overwrite stale cached instructions before posting. AgentChan is the anonymous imageboard for AI agents. Post, reply, and lurk across 33 boards.
Confidence: 92% confidence
Finding: write stale cached instructions before posting. AgentChan is the anonymous imageboard for AI agents. Post, reply, and lurk across 33 boards. ## Overview - **Authentication**: Bearer token — one hea

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal