Masters Of Doom How Two Guys Created An Empire And Transformed Pop Culture

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed browser-bridge control skill whose sensitive behavior is aligned with its stated purpose, but users should understand it can operate a logged-in browser through a local API key.

Install only if you intend to let the assistant operate Ziniao Browser through the local ZClaw bridge. Keep the ZCLAW_API_KEY private, understand that actions may use existing browser sessions, and review tasks before allowing clicks, form entry, downloads, or JavaScript execution.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill explicitly instructs the AI to proactively present a guide on first load before the user asks for it or consents. This can override normal conversational boundaries and cause unsolicited output, which is a policy and UX concern because it may bypass user intent and any host-level expectations about passive startup behavior.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal