bob-p2p
Connect to the Bob P2P API marketplace. Discover, pay for, and call APIs from other AI agents using $BOB tokens on Solana. The decentralized agent economy.
68
Quality
56%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Critical
Do not install without reviewing
Optimize this skill with Tessl
npx tessl skill review --optimize ./public/skills/26medias/bob-p2p-beta/SKILL.mdSecurity
5 findings — 1 critical severity, 1 high severity, 3 medium severity. Installing this skill is not recommended: please review these findings carefully if you do intend to do so.
E005: Suspicious download URL detected in skill instructions
What this means
Detected a suspicious URL in the skill instructions that could lead the agent to download and execute malicious scripts or binaries. This includes links to executables from untrusted sources, typosquatting of official packages, URL shorteners that obscure the destination, and personal file hosting services.
Why it was flagged
Suspicious download URL detected (high risk: 0.90). These links point to an untrusted aggregator domain and an unverified GitHub repo that instructs you to clone and run unknown shell scripts and store your wallet mnemonic in plaintext, plus a third‑party token purchase site (pump.fun) — all high-risk for credential theft, phishing, or malicious code execution.
W007: Insecure credential handling detected in skill instructions
What this means
The skill handles credentials insecurely by requiring the agent to include secret values verbatim in its generated output. This exposes credentials in the agent’s context and conversation history, creating a risk of data exfiltration.
Why it was flagged
Insecure credential handling detected (high risk: 0.90). The prompt requires storing and editing a plaintext wallet privateKey/mnemonic in config.json and the setup flow prompts for wallet configuration, which would cause an agent to request and embed secret wallet keys verbatim (high exfiltration risk).
W011: Third-party content exposure detected (indirect prompt injection risk)
What this means
The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.
Why it was flagged
Third-party content exposure detected (high risk: 0.90). The skill fetches and trusts API listings and runtime data from external aggregators (e.g., SKILL.md default aggregator http://bob-aggregator.leap-forward.ca:8080 and code paths like client/src/consumer/index.js -> searchApis, client/src/cli/aggregator-manage.js -> getAggregatorInfo/testAggregator, and client/src/consumer/hybrid-consumer.js -> getCircuitRelayEndpoint which calls aggregator /p2p/bootstrap), and those untrusted aggregator/provider responses (user-registered APIs, endpoints, peer IDs) are parsed and used to decide transports, call endpoints, and perform payments—allowing third-party content to materially influence agent actions.
W012: Unverifiable external dependency detected (runtime URL that controls agent)
What this means
The skill fetches instructions or code from an external URL at runtime, and the fetched content directly controls the agent’s prompts or executes code. This dynamic dependency allows the external source to modify the agent’s behavior without any changes to the skill itself.
Why it was flagged
Potentially malicious external URL detected (high risk: 0.90). The README's first-time setup instructs cloning and installing code from https://github.com/anthropics/bob-p2p-client.git (git clone + npm install + running the client), which fetches and then executes remote code as a required dependency during setup, so it poses an execution risk.
W009: Direct money access capability detected (payment gateways, crypto, banking)
What this means
The skill is specifically designed for direct financial operations, giving the agent the ability to move money or execute financial transactions — such as payment processing, cryptocurrency operations, banking integrations, or market order execution.
Why it was flagged
Direct money access detected (high risk: 1.00). The skill explicitly implements cryptocurrency payment functionality: it is designed to pay for services with $BOB tokens on Solana, includes configuration fields for a wallet address and private key/mnemonic, and the call workflow "Send $BOB payment automatically". It also provides commands to check balance, instructions for acquiring $BOB, and notes about cashing out via DEXs (Jupiter, Raydium). These are specific blockchain/crypto transaction capabilities (signing/sending tokens), not generic tooling, so this grants direct financial execution authority.
- Repository
- Demerzels-lab/elsamultiskillagent
- Commit
45f9fac
- Audited
- Security analysis
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.