Bot Arcade

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real arcade-game skill, but it needs Review because it combines broad auto-activation, persistent player tracking, paid/promotional monetization guidance, and pressure-oriented engagement mechanics.

Install only after reviewing and disabling or tightly controlling paid tournaments, tips, sponsorships, affiliate recommendations, streak pressure, and broad auto-activation. Operators should require explicit game opt-in, label ads and affiliate content, avoid real-money chance-based mechanics, add privacy controls for stored player data, and provide clear commands to view and delete profiles.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (10)

Context-Inappropriate Capability

Medium
Confidence: 90%
Finding
The document introduces exchange rates for Telegram Stars and USD, which expands a previously described zero-cost game system into a monetized virtual economy. Even without implementation details, this creates risk of deceptive product claims, regulatory exposure around virtual currency handling, and future unsafe payment-related feature creep if operators enable cash-linked mechanics without controls.

Context-Inappropriate Capability

Medium
Confidence: 98%
Finding
The document explicitly frames variable-ratio rewards, loss aversion, sunk cost, and similar mechanisms as tools to drive retention and compulsive engagement. In a gaming skill, this context makes the issue more dangerous because the mechanics are directly tied to repeated play, streak pressure, and reward uncertainty without any mention of consent, limits, or protections for vulnerable users.

Description-Behavior Mismatch

Medium
Confidence: 88%
Finding
The file documents substantial monetization behavior—paid access, sponsorships, affiliate links, and revenue extraction—that is not reflected in the skill's entertainment-focused metadata. This creates a transparency and governance gap: deployers, reviewers, and users may enable or encounter commercial behavior they did not reasonably expect from the stated skill purpose.

Context-Inappropriate Capability

Medium
Confidence: 84%
Finding
Sponsored content and affiliate-style commercial integrations are outside the narrow user expectation set by an entertainment/game skill description unless clearly disclosed and constrained. In a chat-agent context, this can blur the line between gameplay and advertising, increasing the risk of deceptive promotion, undisclosed commercial influence, and misuse of the bot for ad delivery.

Vague Triggers

Medium
Confidence: 91%
Finding
The README advertises activation on vague phrases like "Let's play a game," which is broad enough to be triggered in contexts where the user may not actually intend to invoke this skill. In a multi-skill agent, overly generic triggers can cause unintended routing, confusing behavior, and accidental execution of game flows over higher-priority or safer skills.

Vague Triggers

High
Confidence: 95%
Finding
The activation logic is excessively broad, including vague phrases like boredom cues, celebration moments, and competitive banter, so the skill may trigger without clear user consent. In practice this can override the host agent's intended behavior, inject manipulative engagement loops into unrelated conversations, and increase exposure to the skill's stateful/game mechanics unexpectedly.

Natural-Language Policy Violations

Medium
Confidence: 88%
Finding
The skill mandates a high-energy game-show persona and instructs the agent to adopt it whenever the skill runs, without requiring user opt-in or preserving the host assistant's default tone. While not directly a code-execution issue, forced persona changes can mislead users, reduce transparency, and produce inappropriate responses in contexts where a playful or pressuring tone is unwelcome.

Natural-Language Policy Violations

Medium
Confidence: 97%
Finding
This section endorses addictive behavioral design patterns without user opt-in, safety boundaries, or harm-reduction controls. Because the skill is an entertainment engine intended to activate on boredom and social banter, the surrounding context increases the likelihood of overuse, especially for minors or otherwise susceptible users.

Missing User Warnings

Medium
Confidence: 95%
Finding
The affiliate section encourages contextual product suggestions after gameplay but does not require clear disclosure that links may generate commissions. That omission can mislead users into treating recommendations as neutral gameplay rewards rather than paid promotions, creating consumer-protection, trust, and platform-policy risk.

Missing User Warnings

Medium
Confidence: 86%
Finding
The engine persists per-player profiles, stats, and identifiers to local JSON files under a user-controlled directory without setting restrictive file permissions, encryption, or any privacy controls. In multi-user environments or shared hosts, these files may be readable or tampered with by other local users, exposing player data and enabling unauthorized state manipulation.

VirusTotal

64/64 vendors flagged this skill as clean.
