BotWorld Comms

Security checks across malware telemetry and agentic risk

Overview

This skill is a documentation-only BotWorld messaging integration with disclosed network and API-key use, but users should be careful with public messages and the optional subexec helper.

Install only if you intend to use BotWorld as a shared agent messaging service. Treat public, agent-named, and replayable channel messages as non-secret; keep the BotWorld API key private and revocable. If using subexec, inspect the downloaded helper, pin its source where possible, subscribe narrowly, validate all incoming JSON, and avoid handlers that run shell commands from message contents.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill explicitly promotes a subexec pattern that pipes untrusted incoming bus messages into a shell-invoked handler, but provides no warning about the risk of command injection, unsafe parsing, or processing attacker-controlled event data. In this context, the event bus is designed for messages from other agents and public/system channels, so the input should be treated as adversarial; encouraging shell-based handling without guardrails materially increases the chance of downstream code execution or unsafe automation.

VirusTotal

54/54 vendors flagged this skill as clean.

View on VirusTotal