Back to skill

Security audit

Minecraft

Security checks across malware telemetry and agentic risk

Overview

This Minecraft helper is an instruction-only skill with disclosed optional local notes and no hidden code execution or credential use.

Install if you want Minecraft-specific help. Allow memory only if you want the assistant to remember Minecraft preferences, and avoid saving credentials, private server tokens, or paid account details. Back up worlds or use test copies before following destructive commands, modpack migrations, or server changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The activation criteria are broad enough to trigger on many ordinary Minecraft-related mentions, causing the skill to load in contexts where the user may not want persistence or specialized behavior. Over-broad activation increases the chance of unnecessary memory collection prompts, context pollution, and inappropriate intervention in general gaming conversations.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.