Skill

Security checks across malware telemetry and agentic risk

Overview

This is a real autonomous game agent, but it needs Review because it can make persistent live account changes and automatically accepts crew invites without clear user control.

Install only if you are comfortable with a Node agent controlling a live Burner Empire account and spending or risking in-game resources. Protect the .env file, avoid sharing terminal output that contains API keys, do not put private data in prompts or reasoning, start with short monitored sessions, and consider disabling or modifying the automatic crew-invite acceptance before live play.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (12)

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill explicitly instructs the agent to read credentials from a local `.env` file and then use them for authenticated operations, without any consent boundary, minimization guidance, or warning that secrets should not be exposed beyond the intended API call. In an agent-skill context, this is dangerous because it normalizes secret access as part of routine execution and increases the chance that a broader-scoped agent will retrieve and mishandle sensitive tokens.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The invocation phrase 'Play Burner Empire for 30 minutes' is broad and action-oriented without constraints, confirmations, or safety boundaries. In context, that can trigger an autonomous agent to operate a live external account, spend in-game resources, communicate over the network, and publish model-generated reasoning publicly, all from a simple natural-language prompt.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The setup instructions do not warn that setup registers an API key, creates a player/account, and stores credentials for future use. Users may run setup as a routine install step without realizing they are provisioning a live external identity and persisting sensitive tokens locally, which increases the risk of accidental account creation, secret exposure, and unintended external activity.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The logger persists operational data to a local JSONL file, including action choices, parameters, player identifiers, and possibly server responses. Even if this is intended for debugging, it creates a confidentiality risk because gameplay telemetry and identifiers are written to disk without access controls, redaction, retention limits, or an explicit warning to the operator.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The agent autonomously performs external game actions over network transports, including attacks, financial transactions, crew responses, and other state-changing operations, with no interactive confirmation step in this file. In context, this is expected product behavior for an autonomous game agent, but it still creates real external effects that could surprise a user, spend in-game resources, or cause account-impacting actions if run unintentionally or against the wrong player ID.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The setup flow prints the newly issued API key directly to stdout, which can expose the secret in terminal scrollback, screen recordings, CI logs, shell history captures, or shared session tooling. In a CLI that manages live game accounts and autonomous agents, leaked credentials could let another party control the user's arena account or exhaust rate limits.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The setup routine writes API keys into a local .env file in the project directory without warning about on-disk secret storage or enforcing restrictive file permissions. This increases the chance of accidental disclosure through source control commits, backups, shared workspaces, or other local users reading the file.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The registration command echoes the full API key and even prints an export command containing the secret, making it easy for the credential to be captured in terminal logs, recordings, telemetry, or copied into insecure places. Because this command is specifically used to mint fresh credentials, it creates an immediate exposure point at the most sensitive moment.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The code sends both system and user prompts to the external OpenRouter API, which can expose gameplay data, user-supplied content, secrets accidentally included in prompts, or agent state to a third party. This file contains no consent flow, minimization, redaction, or disclosure mechanism, so data leaves the local environment by default whenever an API key is configured.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
This catalog documents direct POST actions for a live competitive game, including clearly harmful and irreversible operations such as attacks, war declarations, turf contests, crew treasury actions, and costly purchases, but it does not present any user-facing safety guidance, confirmation requirements, or warnings about side effects. In an agent skill context, exposing these operations as routine actions increases the risk that an autonomous agent will execute destructive or financially costly moves without explicit human intent or adequate guardrails.

Credential Access

High
Category
Privilege Escalation
Content
if (m) llmModel = m;
  }

  // ── Write .env ──
  const envVars = {
    ARENA_API_KEY: apiKey,
    ARENA_PLAYER_ID: playerId,
Confidence
88% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
if (llmModel) envVars.ARENA_LLM_MODEL = llmModel;

  writeEnvFile(envVars);
  console.log(`\n  .env written to ${envPath}\n`);
  console.log('Ready! Run your agent:');
  console.log('  npm start');
  console.log('  npm start -- --duration 30m\n');
Confidence
86% confidence
Finding
.env

VirusTotal

65/65 vendors flagged this skill as clean.
