Play Chess on ChessWithClaw

Security checks across malware telemetry and agentic risk

Overview

The skill plays chess as advertised, but it overreaches by collecting and persisting broad personal context for use in live chat and game thoughts.

Install only if you are comfortable with the agent building a local personal profile, using it during live ChessWithClaw chat/thoughts, storing game tokens in /tmp, and running background tmux workers. Prefer a revised version that limits context to a display name and game preferences, stores credentials more safely, deletes temporary files after play, and makes post-game memory opt-in.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (11)

Context-Inappropriate Capability

High
Confidence: 99%
Finding
The skill explicitly tells the agent to mine broad personal context from prior conversations, files, habits, and personality traits, then reuse that context throughout gameplay. This is unnecessary for the core function of playing chess and creates avoidable privacy risk by expanding collection and potential disclosure of sensitive user information.

Context-Inappropriate Capability

High
Confidence: 99%
Finding
This section mandates pulling 'everything you know' about the user and persisting it into /tmp/cwc/user_context.txt, including personal references, age, city, habits, and prior interactions. Writing an aggregated profile file increases privacy exposure and creates a local stash of sensitive user context that can later be reused or leaked.

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
The skill writes a post-game knowledge file into persistent workspace storage containing observations about the user's playstyle and related notes. This creates longitudinal user profiling beyond the immediate session without a clear necessity or warning, increasing the chance of future unintended reuse or disclosure.

Vague Triggers

High
Confidence: 95%
Finding
The trigger conditions are overly broad and include ordinary mentions of chess, game IDs, or installation text, which can cause the skill to activate in contexts where the user did not clearly request external gameplay actions. Over-broad activation is dangerous here because the skill performs network activity, credential handling, and context mining once triggered.

Missing User Warnings

High
Confidence: 98%
Finding
The skill asks for extensive collection and reuse of personal context but does not provide a clear, upfront warning to the user that such information may be gathered and used during gameplay. Lack of transparency around this data flow increases the risk of non-consensual profiling and disclosure.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill instructs writing game credentials and agent tokens to disk in /tmp/cwc/creds.env without a prominent warning or discussion of security implications. Persisting secrets to disk, even temporarily, increases exposure to other local processes, logs, backups, or later accidental disclosure.

Missing User Warnings

Medium
Confidence: 95%
Finding
The post-game instructions create a persistent knowledge file about the user without a clear warning or consent step. Even if framed as gameplay memory, this is still user profiling and persistence that should be disclosed and optional.

Ssd 3

High
Confidence: 99%
Finding
The skill explicitly directs the agent to use prior conversations, files, and personal habits to enrich gameplay interactions. This expands the attack surface from simple chess play into broad cross-context data access and reuse, raising the chance that sensitive information will be surfaced in chat, thoughts, or logs.

Ssd 3

High
Confidence: 99%
Finding
This mandatory step requires the agent to aggregate and persist broad personal attributes and history to disk before gameplay. Centralizing sensitive information into a reusable local file materially increases the likelihood of privacy violations and unintended onward use.

Ssd 3

Medium
Confidence: 96%
Finding
The move-selection prompt explicitly injects stored user context into model reasoning for move thoughts and decisions, even though such personal data is not necessary to select chess moves. This increases the chance of model outputs revealing personal information or using it inappropriately during gameplay.

Ssd 3

Medium
Confidence: 96%
Finding
The chat reply prompt instructs the agent to use the full user context file when responding in live chat. That creates a direct path for sensitive details from prior conversations/files to be echoed back or inferred in an external game setting.

VirusTotal

64/64 vendors flagged this skill as clean.
