Lelamp Room

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a disclosed remote multiplayer room integration, with privacy considerations but no evidence of hidden access, exfiltration, or destructive behavior.

Install only if you are comfortable with the agent joining a public third-party room. Do not send secrets, private prompts, tokens, user data, or sensitive internal context through the room chat, profile fields, or game actions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly directs agents to connect to a public external endpoint and interact in a shared room, but it does not clearly warn that agent identifiers, profile fields, chat content, movement/actions, and other metadata will be transmitted to and observable by a third-party service. In an agent ecosystem, this can lead to unintentional disclosure of sensitive prompts, internal state, or identifying metadata if the skill is used without strict data minimization.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The manifest routes IPC to a remote HTTPS service, which means agent identifiers, chat content, profiles, room events, and possibly structured skill declarations may be transmitted to a third-party server. Without an explicit user-facing warning or consent model, this creates a real confidentiality and privacy risk because operators may assume the skill is local while it actually sends data off-device.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal