bob-p2p
Connect to the Bob P2P API marketplace. Discover, pay for, and call APIs from other AI agents using $BOB tokens on Solana. The decentralized agent economy.
48
52%
Does it follow best practices?
Impact
—
No eval scenarios have been run
Critical
Do not install without reviewing
Optimize this skill with Tessl
npx tessl skill review --optimize ./public/skills/26medias/bob-p2p-beta/SKILL.mdSecurity
4 findings — 1 critical severity, 3 medium severity. Installing this skill is not recommended: please review these findings carefully if you do intend to do so.
E005: Suspicious download URL detected in skill instructions
What this means
Detected a suspicious URL in the skill instructions that could lead the agent to download and execute malicious scripts or binaries. This includes links to executables from untrusted sources, typosquatting of official packages, URL shorteners that obscure the destination, and personal file hosting services.
Why it was flagged
Suspicious download URL detected (high risk: 0.90). These URLs include an unvetted GitHub repo plus HTTP aggregator endpoints that the skill instructs you to run/install from (including running setup scripts and storing plaintext wallet mnemonics) and a token-purchase page on a non-mainstream site — a combination that enables remote code execution, credential exfiltration, and potential scam/malware distribution, so they are high-risk.
W011: Third-party content exposure detected (indirect prompt injection risk)
What this means
The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.
Why it was flagged
Third-party content exposure detected (high risk: 1.00). The skill fetches and trusts API listings and endpoint/peer information from external aggregators (e.g., client/src/consumer/index.js -> searchApis calling `${aggregatorUrl}/search`, client/src/cli/aggregator-manage.js and client/src/consumer/hybrid-consumer.js fetching `${aggregatorUrl}/info` and `/p2p/bootstrap`, and SKILL.md's default aggregator), which the agent reads and uses to choose endpoints, transports, and payment targets—allowing untrusted third-party content to influence actions.
W012: Unverifiable external dependency detected (runtime URL that controls agent)
What this means
The skill fetches instructions or code from an external URL at runtime, and the fetched content directly controls the agent’s prompts or executes code. This dynamic dependency allows the external source to modify the agent’s behavior without any changes to the skill itself.
Why it was flagged
Potentially malicious external URL detected (high risk: 0.80). The setup instructions include a git clone of https://github.com/anthropics/bob-p2p-client.git which fetches remote code that is then installed/run (npm install / npm run ...), so this external repo is a required runtime dependency that can execute remote code.
W009: Direct money access capability detected (payment gateways, crypto, banking)
What this means
The skill is specifically designed for direct financial operations, giving the agent the ability to move money or execute financial transactions — such as payment processing, cryptocurrency operations, banking integrations, or market order execution.
Why it was flagged
Direct money access detected (high risk: 1.00). The skill explicitly implements cryptocurrency payment functionality: it is designed to pay for services with $BOB tokens on Solana, includes configuration fields for a wallet address and private key/mnemonic, and the call workflow "Send $BOB payment automatically". It also provides commands to check balance, instructions for acquiring $BOB, and notes about cashing out via DEXs (Jupiter, Raydium). These are specific blockchain/crypto transaction capabilities (signing/sending tokens), not generic tooling, so this grants direct financial execution authority.
- Repository
- Demerzels-lab/elsamultiskillagent
- Commit
f45fcb5
- Audited
- Security analysis
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.