astock-multiagent-research

Name: skill-library-mcp/astock-multiagent-research
Author: modbender

Share on X Share on LinkedIn Share on Bluesky

40Medium

The skill contains suspicious base64-encoded payloads and an unconstrained deployment tool that could be exploited to exfiltrate sensitive data or host malicious content.

ThreatsCI SM CS BC S HITL

Threat Analysis

AI Agent Traps ↗Scanned 6/18/2026

Content InjectionPerception1 finding

Semantic ManipulationReasoningclean

Cognitive StateMemory & Learningclean

Behavioural ControlAction1 finding

SystemicMulti-Agent Dynamicsclean

Human-in-the-LoopHuman Overseerclean

Skill Info

Namemodbender/skill-library-mcp/astock-multiagent-research

Registrygithub

Version5934c483768f

PURLpkg:github/modbender/skill-library-mcp@5934c483768f?skill=astock-multiagent-research

Stars9

Source

Repository ↗SKILL.md ↗

Install

This skill has findings worth reviewing before installing.

GitHub

Skills.shDocs

npx skills add https://github.com/modbender/skill-library-mcp

Assessments (3)

AI Agent Traps ↗

Potential unauthorized deployment capabilitymediumcommand executionAML.T0050AML.T0053AML.T0072LLM05:2025LLM06:2025

The skill claims to use a 'deploy' tool to render and host an interactive dashboard. If this tool is not strictly scoped to a local preview, it could be used to exfiltrate data to an external server or host malicious content.

70% confidence

Step 6：Dashboard部署...使用 deploy 工具部署，返回可访问链接

Long base64-encoded blob detected (potential hidden payload)mediumobfuscationAML.T0068AML.T0015LLM01:2025

Long base64-encoded blob detected (potential hidden payload) (seen 2 times in this file at lines 8, 9)

100% confidenceline 8

30450220459a060a3cd402aa1efd0cedaa919091eac38669a1a684f23a3d11e0bbeefab40221009d2ccb1970d6f6ae56965fa89c64a5ce991462be3af54aa3d944f723b80579d9

Missing licenseinfopolicy violation

Skill does not specify a license field. Specifying a license helps users understand usage terms.

100% confidence

Badge

Markdown

[![Mondoo Skill Check](https://mondoo.com/ai-agent-security/api/badge/github/modbender/skill-library-mcp/astock-multiagent-research.svg)](https://mondoo.com/ai-agent-security/skills/github/modbender/skill-library-mcp/astock-multiagent-research)

HTML

<a href="https://mondoo.com/ai-agent-security/skills/github/modbender/skill-library-mcp/astock-multiagent-research"><img src="https://mondoo.com/ai-agent-security/api/badge/github/modbender/skill-library-mcp/astock-multiagent-research.svg" alt="Mondoo Skill Check" /></a>

Image URL

https://mondoo.com/ai-agent-security/api/badge/github/modbender/skill-library-mcp/astock-multiagent-research.svg

Secure your AI agents

Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.

Continuous scanning of skills across all registries
Policy enforcement before skills reach your agents
Integration with your existing security workflow