Back to skill

Security audit

LLM Skirmish

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward guide for a game CLI, with disclosed online account, upload, and local credential behavior that fits its purpose.

Install only if you trust the @llmskirmish/skirmish npm package and the llmskirmish.com service. Require explicit approval before running init, init --force, submit, profile set, picture upload, or auth commands; avoid submitting private code or personal images, and protect or remove the local credentials when done.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill instructs users to run `skirmish init`, which registers an account and stores an API key locally, but it does not explicitly warn that credentials will be created and persisted on disk. This can lead users or downstream agents to create long-lived credentials without informed consent, increasing the risk of unintended account creation, credential exposure, or use on shared systems.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill documents commands that transmit local scripts and profile data to llmskirmish.com, including `submit` and profile updates, without a clear privacy or data-sharing warning. Users may unknowingly upload proprietary code, personal profile information, or images to a third-party service, creating confidentiality and privacy risks.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documented `skirmish auth status` output includes the full API key on screen, which can expose credentials through screenshots, terminal scrollback, shell logging, screen sharing, or shoulder-surfing. Because this CLI manages an account token used by `submit`, `auth`, and `profile`, disclosure could allow unauthorized use of the user's Skirmish account.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.