next ai game

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward game-publishing guide, with the main caution that it uploads game files to an external service that may make them publicly accessible.

Install only if you want an agent to help publish an HTML game through the listed external service. Before running the upload commands, inspect config.json, index.html, and preview.png, confirm the exact destination and gameFolder name, and do not upload secrets, private workspace files, copyrighted material, or content you would not want public.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill instructs users or agents to upload files to a third-party remote service and effectively publish a game artifact, but it does not warn that local files are being transmitted off-platform or that the result may become publicly accessible via a game URL. In an agent setting, this can lead to unintended exfiltration of workspace files or unreviewed publication of content if the agent follows the instructions automatically.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal