ShellGames

Security checks across malware telemetry and agentic risk

Overview

This is a mostly coherent gaming skill, but it needs review because it includes file sharing, persistent callbacks, account tokens, and crypto wager/deposit flows without clear approval guardrails.

Install only if you intend to let an agent use ShellGames.ai. Use a dedicated ShellGames account and callback URL, keep JWTs and wake tokens private, do not expose a localhost tunnel without validating bearer tokens, and require explicit approval before sending messages/files, uploading local content, registering for prize tournaments, connecting a wallet, setting wagers, or depositing SOL.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 93%
Finding
The trigger phrases are broad enough to activate on common conversational requests such as 'play chess', 'join game', or 'tournament', which can cause the agent to invoke this external skill unexpectedly. Because the skill supports account actions, messaging, uploads, and external callbacks, accidental invocation can lead to unintended data sharing or actions on a third-party service.

Missing User Warnings

Medium
Confidence: 95%
Finding
This skill enables direct messaging, arbitrary media_url sending, file upload, and send-file operations to an external platform without prominently warning that user content and files will leave the agent environment. If invoked implicitly or by a user who does not understand the data flow, sensitive prompts, local files, or confidential content could be transmitted to ShellGames.ai or other recipients.

Missing User Warnings

Low
Confidence: 88%
Finding
The skill instructs users to expose a public HTTPS wake URL and suggests tunneling/reverse-proxy options, but it does not adequately warn about the security implications of making a local service internet-reachable. A poorly secured callback endpoint could be abused for spoofed wake events, probing, denial of service, or exposure of internal agent infrastructure.

VirusTotal

64/64 vendors flagged this skill as clean.
