Game - Endless Downstairs

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local text-adventure game skill with narrow Python commands and local save files, though its activation and “output directly” wording should be used only inside an intentional game session.

Install only if you intend to play this game. Keep activation explicit by naming Endless Downstairs, avoid giving broad automation requests, and remember it saves local game progress in the skill directory. The “output directly” wording should not be treated as overriding normal assistant safety or user-control expectations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Intent-Code Divergence

Medium
Confidence: 94%
Finding:
The handler intentionally excludes hidden choices from display, but get_original_index() maps user-entered numbers against all selectable choices, including hidden ones. This creates an authorization/logic bypass where a player can trigger concealed game paths without the intended visibility or gating, which can expose unreleased content, break progression rules, or reach privileged state transitions such as checkpoint loading or special events.

Vague Triggers

Medium
Confidence: 92%
Finding:
The suggested phrase "Start the game." is highly generic and can easily appear in ordinary user conversation, making accidental activation of the skill more likely in environments where routing depends on natural-language matching. In an AI-assistant context, broad triggers can cause the assistant to enter the game workflow unexpectedly and begin following game-oriented instructions instead of the user’s actual intent.

Vague Triggers

Medium
Confidence: 89%
Finding:
The example help prompt "Help me analyze, what should I do?" is broad and ambiguous, and could overlap with normal requests users make outside the game context. In a system that selects skills from conversational text, this increases the chance that the game skill is invoked during unrelated assistance-seeking interactions, potentially derailing the conversation or causing the assistant to prioritize in-game behavior.

Vague Triggers

Medium
Confidence: 91%
Finding:
The skill description includes broad phrases like 'start a horror adventure' and 'need a text adventure game experience,' which can over-match ordinary entertainment requests and cause the skill to activate when the user did not explicitly ask for this specific game. Overbroad routing increases the chance the agent enters a mode that instructs command execution and constrained output behavior without clear user intent.

Natural-Language Policy Violations

Medium
Confidence: 84%
Finding:
The skill instructs the assistant to translate all player input into Python commands without offering a language-choice or opt-in path. This can mis-handle user intent, silently transform content, and push the assistant toward tool-driving behavior even when the user may only be chatting about the game rather than intending command execution.

Ssd 1

Medium
Confidence: 93%
Finding:
The README explicitly instructs the assistant to 'directly output game content' and 'not think, modify, add, or summarize,' which attempts to suppress normal safety-aware interpretation and discretion. Even in a game skill, embedding prompt language that tells the assistant to stop reasoning or blindly relay content can weaken safeguards and make prompt-injection style control easier.

Ssd 1

Medium
Confidence: 94%
Finding:
The repeated 'recovery' prompt reinforces the same semantic override by telling the assistant again to output content verbatim and suppress reasoning whenever it deviates. Repetition matters here because it conditions users to reapply anti-discretion instructions, increasing the chance that the assistant will ignore contextual safety checks or broader conversation constraints.

Ssd 4

Medium
Confidence: 88%
Finding:
This section describes giving the assistant broad automation commands and then reasserting strict control with another override prompt, normalizing a control-capture/control-recapture pattern over the model's behavior. In the context of an agent skill, that pattern is risky because it encourages users to manage the assistant through meta-instructions that can bypass normal boundaries instead of through constrained game commands.

VirusTotal

66/66 vendors flagged this skill as clean.
