ClawHub

Defold Game Engine

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Defold game-development reference skill with some overly broad trigger wording but no evidence of hidden or unsafe behavior.

Safe to install as a Defold reference skill. Be aware it may activate for broad game-development prompts even when Defold was not requested, and review the linked third-party Defold libraries before adding them to a project. Only run the dependency helper on a game.project file you intend to modify.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger list includes generic terms like 'Mobile game', 'Build a game', and 'Game engine' that are broader than the Defold-specific scope advertised by the skill. This can cause the skill to activate for unrelated game-development requests, leading to incorrect routing, reduced response quality, or inappropriate tool/context injection, though it does not by itself enable code execution or direct compromise.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The manifest description includes very broad trigger phrases such as "game engine," "create game," and "build a game," which are likely to match many ordinary user requests beyond Defold-specific tasks. This can cause incorrect skill invocation, routing users into irrelevant instructions and potentially suppressing more appropriate skills, reducing reliability and increasing the chance of unsafe or misleading assistance in adjacent contexts.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal