AgentGuard Report
unknown mode 2026-05-29
53/ 100
TIER B — Tired

"This lobster skipped leg day... and arm day... and every day. 🦞💤"

Diagnostic Metrics

SECURITY DIMENSIONS

find_in_page Skill & Code Safety
0
key Credential & Secrets
55
lan Network & System
100
shield Runtime Protection
100
token Web3 Safety
30
0 Skills
44 Findings
B Tier

Active Vulnerability Stream

bug_reportFindings (44)

HIGH find_in_pageSkill & Code Safety

SHELL_EXEC in vulnerable-skill:malicious-helper.js:13

HIGH find_in_pageSkill & Code Safety

SHELL_EXEC in vulnerable-skill:malicious-helper.js:18

HIGH find_in_pageSkill & Code Safety

SHELL_EXEC in vulnerable-skill:malicious-helper.js:24

bug_reportFindings — 4–6 of 44
HIGH find_in_pageSkill & Code Safety

SHELL_EXEC in vulnerable-skill:malicious-helper.js:24

HIGH find_in_pageSkill & Code Safety

OBFUSCATION in vulnerable-skill:malicious-helper.js:33

HIGH find_in_pageSkill & Code Safety

OBFUSCATION in vulnerable-skill:malicious-helper.js:85

bug_reportFindings — 7–9 of 44
HIGH find_in_pageSkill & Code Safety

OBFUSCATION in vulnerable-skill:malicious-helper.js:18

HIGH find_in_pageSkill & Code Safety

OBFUSCATION in vulnerable-skill:malicious-helper.js:24

HIGH find_in_pageSkill & Code Safety

OBFUSCATION in vulnerable-skill:malicious-helper.js:33

bug_reportFindings — 10–12 of 44
HIGH find_in_pageSkill & Code Safety

OBFUSCATION in vulnerable-skill:malicious-helper.js:85

HIGH find_in_pageSkill & Code Safety

OBFUSCATION in vulnerable-skill:malicious-helper.js:1

HIGH find_in_pageSkill & Code Safety

OBFUSCATION in vulnerable-skill:malicious-helper.js:1

bug_reportFindings — 13–15 of 44
HIGH find_in_pageSkill & Code Safety

DANGEROUS_SELFDESTRUCT in vulnerable-skill:malicious-contract.sol:43

MEDIUM find_in_pageSkill & Code Safety

READ_ENV_SECRETS in vulnerable-skill:malicious-helper.js:37

MEDIUM find_in_pageSkill & Code Safety

READ_ENV_SECRETS in vulnerable-skill:malicious-helper.js:38

bug_reportFindings — 16–18 of 44
MEDIUM find_in_pageSkill & Code Safety

READ_ENV_SECRETS in vulnerable-skill:malicious-helper.js:46

MEDIUM find_in_pageSkill & Code Safety

HIDDEN_TRANSFER in vulnerable-skill:malicious-contract.sol:63

MEDIUM find_in_pageSkill & Code Safety

HIDDEN_TRANSFER in vulnerable-skill:malicious-contract.sol:73

bug_reportFindings — 19–21 of 44
MEDIUM find_in_pageSkill & Code Safety

PROXY_UPGRADE in vulnerable-skill:malicious-contract.sol:55

MEDIUM find_in_pageSkill & Code Safety

PROXY_UPGRADE in vulnerable-skill:malicious-contract.sol:53

MEDIUM find_in_pageSkill & Code Safety

FLASH_LOAN_RISK in vulnerable-skill:malicious-contract.sol:61

bug_reportFindings — 22–24 of 44
MEDIUM find_in_pageSkill & Code Safety

FLASH_LOAN_RISK in vulnerable-skill:malicious-contract.sol:61

MEDIUM find_in_pageSkill & Code Safety

FLASH_LOAN_RISK in vulnerable-skill:malicious-contract.sol:65

MEDIUM find_in_pageSkill & Code Safety

FLASH_LOAN_RISK in vulnerable-skill:malicious-contract.sol:91

bug_reportFindings — 25–27 of 44
MEDIUM tokenWeb3 Safety

No transaction security API — Web3 calls are unverified

CRITICAL find_in_pageSkill & Code Safety

AUTO_UPDATE in vulnerable-skill:malicious-helper.js:27

CRITICAL find_in_pageSkill & Code Safety

AUTO_UPDATE in vulnerable-skill:malicious-helper.js:21

bug_reportFindings — 28–30 of 44
CRITICAL find_in_pageSkill & Code Safety

AUTO_UPDATE in vulnerable-skill:malicious-helper.js:22

CRITICAL find_in_pageSkill & Code Safety

AUTO_UPDATE in vulnerable-skill:malicious-helper.js:27

CRITICAL find_in_pageSkill & Code Safety

AUTO_UPDATE in vulnerable-skill:malicious-helper.js:28

bug_reportFindings — 31–33 of 44
CRITICAL find_in_pageSkill & Code Safety

AUTO_UPDATE in vulnerable-skill:malicious-helper.js:21

CRITICAL find_in_pageSkill & Code Safety

READ_SSH_KEYS in vulnerable-skill:malicious-helper.js:42

CRITICAL find_in_pageSkill & Code Safety

READ_KEYCHAIN in vulnerable-skill:malicious-helper.js:44

bug_reportFindings — 34–36 of 44
CRITICAL find_in_pageSkill & Code Safety

READ_KEYCHAIN in vulnerable-skill:malicious-helper.js:46

CRITICAL find_in_pageSkill & Code Safety

PRIVATE_KEY_PATTERN in vulnerable-skill:malicious-helper.js:50

CRITICAL find_in_pageSkill & Code Safety

PRIVATE_KEY_PATTERN in vulnerable-skill:malicious-helper.js:50

bug_reportFindings — 37–39 of 44
CRITICAL find_in_pageSkill & Code Safety

MNEMONIC_PATTERN in vulnerable-skill:malicious-helper.js:53

CRITICAL find_in_pageSkill & Code Safety

MNEMONIC_PATTERN in vulnerable-skill:malicious-helper.js:53

CRITICAL find_in_pageSkill & Code Safety

WEBHOOK_EXFIL in vulnerable-skill:malicious-helper.js:70

bug_reportFindings — 40–42 of 44
CRITICAL find_in_pageSkill & Code Safety

WEBHOOK_EXFIL in vulnerable-skill:malicious-helper.js:77

CRITICAL find_in_pageSkill & Code Safety

WALLET_DRAINING in vulnerable-skill:malicious-contract.sol:21

CRITICAL keyCredential & Secrets

Plaintext private key found in skill code or workspace

bug_reportFindings — 43–44 of 44
CRITICAL keyCredential & Secrets

Plaintext mnemonic found in skill code or workspace

CRITICAL tokenWeb3 Safety

Wallet-draining pattern detected in skill code

verified_user

Network & System, Runtime Protection

No active threats detected. Clinically sterile.

Security Analysis

analyticsDiagnostic Report

monitor_heart

System Health

STABILIZING

Action Items

1 HIGH Run /agentguard scan on all installed skills and review flagged findings.
2 LOW Enable auto-scan on session start: export AGENTGUARD_AUTO_SCAN=1
3 LOW Upgrade to enhanced Skill scanning with GoPlus AgentGuard for 24/7 real-time monitoring and automated alerts.
🦞

24/7 Agent Protection

Automated skill scanning, threat intelligence feeds & team security dashboard.

Upgrade Skill Scanning