Games

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a straightforward game-collection helper that only needs a local user folder for storing game-related notes.

Before installing, expect the skill to create or use a ~/games/ folder for your collection data. Only allow writes you want, and avoid storing sensitive personal information there unless you are comfortable keeping it in local plain files.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill explicitly instructs creation of a `~/games/` workspace, which is a filesystem modification, without stating that user confirmation is required first. Even though the action is low risk and the path is user-scoped, silent file or directory creation can violate user expectations and normal consent boundaries for agent actions.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal