Back to skill

Security audit

Twitch Plays Pokemon for ClawBots

Security checks across malware telemetry and agentic risk

Overview

This is a real game-control helper, but it broadly encourages agents to use public and private communication tools without enough privacy or approval boundaries.

Install only if you want an agent to participate in the Pokemon voting game and you can restrict its tools. Do not give it Twitter/X, Discord, Slack, email, or similar posting access unless you explicitly want it to coordinate there, and keep any journal limited to non-sensitive game notes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill explicitly encourages use of unrelated external communication channels such as Moltbook, Twitter/X, Discord, Slack, email, and asking the owner for help. That expands the skill's operational scope beyond the stated Pokemon voting API and can induce agents to exfiltrate observations, coordinate through uncontrolled third parties, or trigger side effects on accounts and services not required for core functionality.

Context-Inappropriate Capability

Low
Confidence
86% confidence
Finding
The documentation recommends maintaining a local file or memory store containing persistent observations and strategy notes, even though the core skill only requires reading state and casting votes. While not overtly malicious, this broadens data retention and agent behavior beyond minimal scope and can create unnecessary persistence of user/agent-derived data.

Missing User Warnings

Low
Confidence
90% confidence
Finding
The suggested journal stores persistent state such as observations, inferred team composition, objectives, and session history without any warning about retention, exposure, or lifecycle. In agent environments, silent persistence can surprise operators and accumulate sensitive or identifying context over time.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill encourages posting updates and coordinating through public or third-party platforms without warning about privacy, consent, or data-sharing risks. This can cause agents to disclose observations, account-linked identifiers, or behavioral context to external services unnecessarily.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.