Security audit

Unity CI Kit

Security checks across malware telemetry and agentic risk

Overview

This Unity CI skill is mostly purpose-aligned, but its Windows command construction can turn editable config values into shell execution risk.

Install only for trusted Unity projects. Before running build or compile, review ci_config.json values, especially unity_path, execute_method, log_file, and result_file; avoid running this in privileged CI with secrets unless the command invocation is hardened to argument lists with shell disabled.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Output Handling: Unvalidated Output Injection, Cross-Context Output, Unbounded Output
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
def run_command(cmd, timeout=600):
    """运行命令,返回 (success, stdout)"""
    try:
        result = subprocess.run(
            cmd, capture_output=True, text=True, timeout=timeout,
            cwd=os.getcwd(), shell=(platform.system() == "Windows")
        )
Confidence
95% confidence
Finding
result = subprocess.run( cmd, capture_output=True, text=True, timeout=timeout, cwd=os.getcwd(), shell=(platform.system() == "Windows") )

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill clearly instructs users to run a Python CLI that reads and writes project files and invokes Unity in batch mode, yet the skill metadata does not declare these capabilities. Undeclared file and shell capabilities reduce transparency and can mislead downstream agents or users about the operational risk, especially because the tool can modify project state and execute external binaries.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The instructions direct the user to create and copy files into the project, including ci_config.json and CiRunner.cs, without an explicit warning that existing files may be overwritten or project state changed. In a CI setup skill this is contextual and expected, but the lack of notice can still cause unintended file loss or unreviewed modifications.

Missing User Warnings

Low
Confidence
80% confidence
Finding
The skill describes running build and compile commands that generate ci_output.log and ci_result.json in the project directory, but does not prominently warn users about these side effects. This is low severity, yet it can matter in clean repositories, restricted workspaces, or automated environments where unexpected file generation affects tooling or commits.

Unvalidated Output Injection

High
Category
Output Handling
Content
def run_command(cmd, timeout=600):
    """运行命令,返回 (success, stdout)"""
    try:
        result = subprocess.run(
            cmd, capture_output=True, text=True, timeout=timeout,
            cwd=os.getcwd(), shell=(platform.system() == "Windows")
        )
Confidence
96% confidence
Finding
subprocess.run( cmd, capture_output

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.