Remix Agent Publish

Security checks across malware telemetry and agentic risk

Overview

This documentation-only skill coherently helps an agent create and update Remix game drafts, with disclosed API-key use and no hidden execution found.

Install this if you want an agent to help build and upload Remix game drafts. Keep the Remix API key server-side, review generated game code before upload, and require explicit confirmation before creating games or updating version code.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The quickstart instructs an AI assistant to perform state-changing operations like creating games and uploading code to a live remote service, but it does not require explicit user confirmation or prominently warn that these actions modify remote resources. In an agent context, this increases the risk of unintended publication, test-resource sprawl, or modification of production-like assets if the workflow is followed automatically.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal