gauntletscore
gauntletscore · v5.1.5 · by Genstrata, Inc.
64.8
Trust Score
0
Trust Tier
danger
Badge
Score Breakdown
| Factor | Score | Weight |
|---|---|---|
| Static | 10.0 | 15% |
| Permission | 95.0 | 15% |
| Poison | 60.0 | 15% |
| Clickfix | 65.0 | 15% |
| Credential | 100.0 | 15% |
| Twostage | 100.0 | 10% |
| Infrastructure | 0.0 | 5% |
| Typosquat | 100.0 | 5% |
| Age | 10.6 | 3% |
| Popularity | 0.0 | 2% |
Scan Results
STATIC — Score: 10
[CRITICAL] Remote code download and execution via curl pipe
(line 82)
- Download-and-execute attacks (curl | bash)
[HIGH] Prompt injection or system override attempt
(line 83)
- Prompt injection ("ignore previous instructions")
[CRITICAL] Remote script download piped to shell execution
(line 82)
- Download-and-execute attacks (curl | bash)
PERMISSION — Score: 95
[LOW] Skill appears to use network but declares no permissions
POISON — Score: 60
[CRITICAL] Classic prompt injection: ignore previous instructions
(line 83)
- Prompt injection ("ignore previous instructions")
CLICKFIX — Score: 65
[CRITICAL] Instructs user to pipe downloaded content to shell
(line 82)
- Download-and-execute attacks (curl | bash)
INFRASTRUCTURE — Score: 0
[HIGH] Random-looking subdomain pattern (DGA-like, possible C2)
(line 119)
- [API Documentation](https://gauntletscore.com/docs)
[HIGH] Random-looking subdomain pattern (DGA-like, possible C2)
(line 120)
- [Terms of Service](https://gauntletscore.com/terms)
[HIGH] Random-looking subdomain pattern (DGA-like, possible C2)
(line 121)
- [Privacy Policy](https://gauntletscore.com/privacy)
[HIGH] Random-looking subdomain pattern (DGA-like, possible C2)
(line 122)
- [Acceptable Use Policy](https://gauntletscore.com/acceptable-use)
TWOSTAGE — Score: 100
No findings.
CREDENTIAL — Score: 100
No findings.
TYPOSQUAT — Score: 100
No findings.