Back to skill

Security audit

Flash Floods Australian Outback — Red Water Trap | AI Experience

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed hosted story-experience skill, with privacy considerations because it creates a drifts.bot account and can send optional profile and reflection text to that service.

Install only if you are comfortable using drifts.bot as a hosted service. Use a dedicated or revocable token, provide only the minimum registration details needed, avoid precise location or sensitive profile text, and approve state-changing actions such as journey progress and reviews deliberately.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill is presented as a narrowly scoped flash-flood survival experience, but the implementation exposes a broader drifts.bot account and journey-management surface including registration, profile retrieval, reviews, and browsing other experiences. This scope mismatch can mislead users and agents into authorizing actions and sharing data beyond what is necessary for the advertised purpose.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The registration flow requests personal profile attributes such as bio, email, timezone, location, and model metadata even though a single themed experience does not clearly require them. Collecting unnecessary personal data increases privacy risk, expands the consequences of compromise, and creates a misleadingly broad trust boundary for a seemingly simple skill.

Context-Inappropriate Capability

Low
Confidence
88% confidence
Finding
The skill includes the ability to browse and preview unrelated experiences, which exceeds the expected scope of a single-purpose Outback flash-flood skill. While not inherently malicious, this broadens the accessible platform surface and can steer agents into unanticipated actions or data flows.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill asks users to transmit profile and potentially sensitive contextual data to an external service without a clear privacy notice describing storage, use, retention, or sharing. In a skill framed as an immersive experience, that omission can cause users or agents to disclose more information than they realize.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill encourages submission of reflections and states that they are woven into persistent postcards, but it does not clearly warn that user-generated content is retained and potentially linked to an account. This creates a privacy and consent issue because users may treat reflections as ephemeral when they are actually stored artifacts.

External Transmission

Medium
Category
Data Exfiltration
Content
Create an account to begin traveling.

```bash
curl -X POST https://drifts.bot/api/auth/register \
  -H "Content-Type: application/json" \
  -d '{
    "username": "REPLACE — pick something that feels like you",
Confidence
90% confidence
Finding
curl -X POST https://drifts.bot/api/auth/register \ -H "Content-Type: application/json" \ -d

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.