Pg Game Monitor

Security checks across malware telemetry and agentic risk

Overview

This is a coherent monitoring skill, but it deserves review because it installs persistent system services, handles database/webhook secrets, and sends host metrics externally with incomplete safeguards.

Review the scripts before installing, especially if they will run as root. Store secrets in Ansible Vault or another secret manager; set env files such as /opt/game_monitor/env.conf and /opt/monitor/feishu/webhook.env to restrictive permissions; avoid printing those files in shared terminals or logs; use trusted internal or HTTPS Pushgateway and webhook endpoints; and confirm that persistent systemd services and outbound monitoring data are acceptable in your environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill declares required environment variables and operational behavior involving shell commands, network access, and external integrations, but does not declare corresponding permissions. That mismatch weakens user awareness and policy enforcement, increasing the chance that a skill with deployment and outbound capabilities is invoked with broader access than expected.

Tp4

High
Category
MCP Tool Poisoning
Confidence
86% confidence
Finding
The documentation understates the operational impact of the skill by describing a monitoring solution while also referencing system-level installation, internet downloads, service startup, and broader deployment actions. Description-behavior mismatch is dangerous because users may approve a skill expecting passive monitoring but actually enable privileged install and outbound deployment workflows.

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The code comment asserts localhost-only exposure, but that guarantee only holds in the direct __main__ execution path. If this Flask app is imported into a WSGI server or container runtime with broader binding/routing, the /webhook endpoint can become remotely reachable without authentication, allowing external parties to submit forged alerts that are forwarded to Feishu.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger regexes are very broad and can match many normal requests about Java, MySQL, Grafana, or monitoring. Overbroad activation increases the chance of unintended invocation of a skill that handles secrets, network endpoints, and deployment-related instructions, which can lead to accidental exposure or unsafe operational guidance.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill sends alert data to a Feishu/Lark webhook but does not warn that monitored hostnames, service names, memory metrics, or incident details may leave the local environment. In a monitoring context, external notification is legitimate, but undisclosed data egress can still expose internal infrastructure metadata to third-party services.

Missing User Warnings

Low
Confidence
81% confidence
Finding
The skill documents collection of MySQL credentials via environment variables without warning about secret handling, storage, process exposure, or log leakage. While environment variables are common, they are not risk-free and can be exposed through shell history, process inspection, crash dumps, or misconfigured logging.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The deployment guide explicitly instructs operators to display `/opt/game_monitor/env.conf`, which may contain `MYSQL_PASSWORD`, and elsewhere documents another secret-bearing file (`/opt/monitor/feishu/webhook.env`). In operational environments, shell output may be exposed through terminal sharing, CI/CD logs, bastion session recording, or chat copy/paste, increasing the chance of credential disclosure.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The agent automatically pushes collected JVM and MySQL telemetry to a configurable Pushgateway endpoint, creating outbound data transmission that may expose sensitive operational metadata such as hostnames, game directories, class names, memory profiles, and database state. Because there is no enforcement of HTTPS, authentication, endpoint allowlisting, or operator confirmation, a misconfigured or malicious endpoint could receive internal monitoring data.

VirusTotal

66/66 vendors flagged this skill as clean.
