Security audit
Steam Companion
Security checks across malware telemetry and agentic risk
Overview
This Steam Companion skill is a simple, disclosed helper for Steam profiles, recommendations, reviews, and preference memory, with no executable code or hidden behavior found.
Before installing, consider whether you are comfortable letting the skill remember Steam gaming preferences and recommendation context. The reviewed artifact shows no hidden scripts, broad local indexing, credential handling, or destructive behavior; VirusTotal, static scan, and SkillSpector were clean.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.
