ChessGuardian

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed ChessGuardian chess-integration skill whose network calls and helper scripts fit its stated gameplay purpose, with some scoping cautions.

Install only if you want an agent to interact with ChessGuardian on your behalf. Use it for explicit tasks such as starting a game, making a move, fetching a QR code, rendering a board, or running a chess bot; avoid letting it handle general chess discussion that does not require external API calls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill instructs the agent to perform outbound network requests and execute local shell commands, but it declares no permissions or guardrails for those capabilities. This creates a capability-transparency problem: a caller or platform may treat the skill as lower risk than it really is, while the skill can still invoke remote services and local tooling such as Python and Playwright.

Tp4

High
Category
MCP Tool Poisoning
Confidence
83% confidence
Finding
The skill advertises a broad set of chess features that are not actually implemented in the provided material, which can cause an agent to route user requests into workflows the skill cannot safely or reliably fulfill. Description-behavior mismatches are dangerous because they encourage unsafe fallback behavior, ad hoc command construction, or over-trusting undocumented capabilities such as screenshots, QR handling, or analysis flows.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger text is so broad that the skill may activate for essentially any chess-related request, even when the request does not require this skill's network and shell-backed operations. Over-broad invocation increases unnecessary exposure to remote API calls and command execution, and can preempt safer, non-executing responses for general chess questions or analysis.

VirusTotal

63/63 vendors flagged this skill as clean.
