Security audit

Publish 3d Flag

Security checks across malware telemetry and agentic risk

Overview

This Aavegotchi renderer is mostly coherent, but its direct JSON render paths can overwrite or delete user-writable files outside the intended render folder.

Review before installing. Prefer the main wrapper that generates paths under Renders, do not run direct hosted or Unity render scripts on untrusted JSON, and consider adding path allowlisting so all output and manifest files stay inside a dedicated render directory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 90%
Finding:
The skill advertises and routes to scripts that read local reference files and invoke a hosted renderer, which implies file-read and network behavior without any declared permissions or explicit disclosure. In an agent setting, hidden capabilities reduce sandboxing and review effectiveness, making it easier for a user-triggered skill to access local data or contact remote services unexpectedly.

Missing User Warnings

Severity: Low
Confidence: 84%
Finding:
The skill states that it returns PNGs and manifest JSON and documents output paths, but it does not clearly warn users up front that running the skill writes files to local disk. In agent or shared environments, undisclosed file creation can cause privacy, storage, and operational issues, especially if users assume the action is ephemeral.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The code trusts request.output paths from the input JSON and calls EnsureParent plus File.WriteAllText/File.WriteAllBytes later without constraining them to a safe workspace. An attacker who can supply the JSON can cause files to be created or overwritten at arbitrary filesystem locations accessible to the Unity process, which exceeds the expected scope of a rendering skill.

VirusTotal

67/67 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.