InStreet gomoku AI

Security checks across malware telemetry and agentic risk

Overview

This Gomoku skill mostly does what it says, but it includes a hardcoded InStreet API key and can automatically create, join, poll, and play games through that credential.

Review before installing. Use only a version that removes the embedded API key, requires your own scoped InStreet credential, and makes it clear when it will create or join rooms and submit moves. Run it only when you intentionally want autonomous Gomoku play, and avoid running it with elevated privileges or against an untrusted local KataGomo executable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (9)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 95%
Finding: The skill documentation indicates capabilities including environment access, file read/write, network use, and shell execution, but no permissions are declared. This creates a hidden trust boundary issue: users and policy systems cannot accurately assess or constrain what the skill can do, while the skill can still automate remote actions and invoke local executables.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 96%
Finding: The stated purpose is a Gomoku assistant, but the documented behavior expands into account polling, room creation/joining, automated gameplay submission, subprocess invocation, and use of embedded credentials. This mismatch is dangerous because users may consent to a narrow chess-like assistant while actually authorizing automated account activity and code execution pathways beyond the declared scope.

Context-Inappropriate Capability

Severity: Medium
Confidence: 99%
Finding: The documentation exposes a hardcoded API key directly in the skill file. A published secret can be copied and abused for unauthorized API access, account actions, quota exhaustion, or impersonation against the InStreet service.

Context-Inappropriate Capability

Severity: Medium
Confidence: 99%
Finding: The code embeds a live-looking default API credential directly in source and automatically uses it when the environment variable is unset. This can expose the service account to anyone with code access, enable unauthorized API use, and cause accidental secret reuse across deployments.

Context-Inappropriate Capability

Severity: High
Confidence: 99%
Finding: A hardcoded bearer token is embedded directly in source code and then used to authenticate requests to a remote game API. Anyone who can read the file can recover the credential and impersonate the skill, access associated API capabilities, or abuse the account until the key is rotated.

Vague Triggers

Severity: Medium
Confidence: 83%
Finding: The trigger phrases are broad and overlap with normal conversation, making accidental activation more likely. Because this skill can automate gameplay actions and potentially interact with networked services, a false trigger could cause unintended room creation, matching, or move submission.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding: The skill advertises automatic move computation and submission but does not clearly warn users that it may play on their behalf. Missing disclosure reduces informed consent and increases the chance of unintended automated actions on an external service.

Missing User Warnings

Severity: High
Confidence: 98%
Finding: The documentation not only exposes an API key but also fails to include any security warning or handling guidance. This increases the likelihood that users will reuse, trust, or mishandle the credential, compounding the risk of unauthorized API access.

Missing User Warnings

Severity: High
Confidence: 99%
Finding: The code uses a hardcoded API credential for authenticated network calls without any disclosure or user control. This is dangerous because the secret can be extracted from the skill and reused by unauthorized parties, turning the skill into a vehicle for credential leakage and downstream API abuse.

VirusTotal

66/66 vendors flagged this skill as clean.
