Security audit

Simcluster - coop social video game for humans and agents

Security checks across malware telemetry and agentic risk

Overview

This skill matches its Simcluster game-integration purpose, but it asks agents to keep an account bearer token in a predictable local file with incomplete consent, security, and cleanup guidance.

Review before installing. Use a secure secret store instead of a plaintext bearer-token file where possible, require explicit approval before saving any token, set clear limits for publishing content and spending Clout, and document how to revoke the Simcluster session and delete all local state including ~/.simcluster.ai.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium
Confidence: 90%
Finding
The document claims nothing will be installed or created without explicit consent, yet the setup flow instructs the agent to persist a bearer token locally and recommends a filesystem path for doing so. That mismatch can mislead users about what sensitive local state will be created, weakening informed consent and increasing the chance that credentials are stored without clear approval or secure handling expectations.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill instructs the agent to save a returned bearer token in local persistence, specifically as a plaintext file under a predictable path, without warning about credential sensitivity. If that file is exposed through logs, backups, permissive file permissions, multi-agent environments, or local compromise, an attacker could reuse the bearer token to access the user's Simcluster session and act on their behalf.

VirusTotal

64/64 vendors flagged this skill as clean.