cs2-stats-monitor-5e

Security checks across malware telemetry and agentic risk

Overview

This is a coherent CS2 stats monitor that makes disclosed 5E API requests and can run a user-started background poller.

Install only if you are comfortable sending queried player names to 5E services. Use a virtual environment for `aiohttp`, start continuous monitoring only deliberately, stop the tmux session when finished, and avoid putting any login cookie into commands or config unless a future version clearly documents safe handling.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 86% confidence
Finding: The skill explicitly instructs users to run a long-lived background monitor in tmux and provides a reset operation, but it does not disclose that this causes persistent outbound polling and local state management. That omission can mislead users into starting unattended network activity or altering stored monitor state without understanding the operational and privacy implications.

Missing User Warnings

Medium

Confidence: 83% confidence
Finding: The documentation states that a login Cookie is needed for season overview but gives no guidance on secure handling of authentication material. Users may pass, store, or log session cookies insecurely, creating a risk of account/session theft if the cookie is exposed through files, shell history, tmux panes, or logs.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal