Aigames

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill is a coherent guide for publishing small HTML game files to a disclosed external game service.

Install only if you intend to publish game files through the idlab.top service. Before running any curl command, confirm the destination, folder name, and exact files being uploaded, and do not upload secrets, private documents, system files, or anything you would not want made public. Avoid overwrite=true unless you have confirmed the target and have a backup or versioned replacement plan.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 92%
Finding:
The skill instructs users to upload local files to a third-party remote service but does not include any warning about data exfiltration risk, file sensitivity, or confirmation that the destination is external. In an agent setting, this omission can cause users or downstream automation to send unintended local content to a non-obviously trusted domain.

Missing User Warnings

Medium
Confidence: 86%
Finding:
Mentioning a general interface with overwrite=true without warning that overwrite is destructive creates a risk of irreversible replacement of existing remote content. In a publishing workflow, this can lead to accidental data loss or unauthorized modification if an agent later follows the guidance automatically.

VirusTotal

63/63 vendors flagged this skill as clean.
