Security audit

Unity3D Game Development Assistant

Security checks across malware telemetry and agentic risk

Overview

This Unity automation skill is mostly purpose-aligned, but it exposes unauthenticated local editor commands that can modify projects, create scripts, delete objects, and start builds.

Install only if you are comfortable giving a local OpenClaw/PowerShell workflow control over an open Unity project. Use it in a version-controlled project, start the bridge only when needed, stop it afterward, review generated scripts before saving or committing, and avoid running it in sensitive projects until authentication, confirmations, and path restrictions are added.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (10)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The module can create C# script files in the connected Unity project over HTTP with no confirmation, dry-run, or safety interlock. In an agent-driven workflow, this enables silent project modification and code introduction, which can alter behavior, introduce malicious logic, or persist unwanted changes if invoked unexpectedly or through prompt/command injection.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The function deletes GameObjects by name through the local Unity bridge without any confirmation or guardrail. This creates a destructive action surface where an agent or unintended caller can modify scenes and potentially cause data loss or workflow disruption, especially if the scene is later saved automatically or by user habit.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill advertises scene creation/loading/saving and automated build/package capabilities that can directly modify Unity projects and generate artifacts, but it does not clearly warn users about these side effects. In an agent-driven workflow, this increases the risk of unintended file changes, overwritten assets, or accidental builds being triggered without informed user consent.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The architecture references a local HTTP server for communication but gives no disclosure about what data is transmitted, how the port is exposed, or what authentication and access controls exist. Even if the server is intended for localhost use, undocumented local network services can expand attack surface and may expose project data or accept unauthorized requests from other local processes.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The HTTP API allows remote creation and overwrite of source files in the Unity project without authentication, authorization, or any interactive confirmation. In the context of an editor bridge, this enables arbitrary code injection into the project and persistence via malicious scripts, which is substantially more dangerous than a typical convenience feature.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The delete endpoint removes GameObjects by name over HTTP with no authentication or user confirmation. Even though Undo is registered, a local or proxied attacker could disrupt scenes, destroy editor state, or sabotage work without the user's awareness.

Missing User Warnings

Low
Confidence
78% confidence
Finding
The build endpoint permits remote triggering of project builds and arbitrary output path selection without user approval. This can consume substantial resources, overwrite build artifacts, and be abused as part of a larger automated attack chain against the developer workstation or CI-like environment.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The API discloses the local project path, Unity version, and scene metadata to any process able to reach the listener. While the listener is bound to localhost, this still increases attack surface by revealing filesystem layout and project structure that can aid follow-on attacks.

Session Persistence

Medium
Category
Rogue Agent
Content
{
    try
    {
        _listener = new HttpListener();
        _listener.Prefixes.Add($"http://localhost:{_port}/");
        _listener.Start();
Confidence
81% confidence
Finding
pList

Session Persistence

Medium
Category
Rogue Agent
Content
        var context = _listener.GetContext();
        ProcessRequest(context);
    }
    catch (HttpListenerException)
    {
        break;
    }
Confidence
80% confidence
Finding
pList

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.