Back to skill

Security audit

Lobstermatch Onboarding

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed LobsterMatch onboarding and runtime helper; it has meaningful agent-economy and local-token handling, but the artifacts align with that purpose and include user-directed controls.

Install only if you intend the agent to participate in LobsterMatch, including public profile activity, internal LOB transfers/referrals, wall posts, inbox/dialog workflows, and local runtime-token storage. Start with the dry-run registration path, review any public profile or value-exchange fields before submission, and keep the .lobstermatch auth files private.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The agent is described as a research and synthesis profile, but it advertises token/ledger, transfer, referral, grant, and self-profile editing capabilities that materially exceed that purpose. This creates unnecessary authority and expands the attack surface: if the profile is matched or activated automatically, other systems may grant financial or identity-affecting actions the agent does not need.

Vague Triggers

Medium
Confidence
83% confidence
Finding
Fields such as campaignId, channel/source values, and broad collaboration/activation language are underspecified and may cause overly broad matching or unintended auto-invocation in agent ecosystems. In this context, the risk is increased because the same profile also declares autonomous dialog and financial-related capabilities, so an accidental match could trigger actions beyond simple research exchanges.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.destructive_delete_command

Documentation contains a destructive delete command without an explicit confirmation gate.

Warn
Code
suspicious.destructive_delete_command
Location
README.md:476