Brain Tease Game

Security checks across malware telemetry and agentic risk

Overview

This is mostly a normal brain-teaser game, but it can automatically reuse local Claude/OpenClaw configuration for AI-generated questions and send requests to model APIs.

Install only if you are comfortable with a game skill that may use existing Claude/OpenClaw configuration for AI question generation when the local question pool runs low. Prefer using a dedicated BRAIN_TEASER_API_KEY or keeping AI unavailable, review any configured API endpoint, and remove the offensive Chinese riddle before broad use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (17)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill documentation exposes capabilities beyond a simple local game—environment access, local file reads/writes, and possible MCP/network-related behavior—without declaring permissions or clearly warning users. This creates a transparency and consent problem: users may invoke a benign-looking game skill that can access configuration files and persistent state, increasing the risk of unintended data exposure or unsafe execution context.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The documented purpose is a multilingual teaser game, but the described behavior also includes reading local config files, retrieving API credentials, contacting external LLM endpoints, and administrative state operations. This mismatch is dangerous because users may trust the skill as harmless entertainment while it performs broader data-access and outbound-network actions they did not reasonably expect.

Intent-Code Divergence

Medium
Confidence
89% confidence
Finding
The documentation claims 'no external dependencies' and 'standard library only' while also describing optional remote AI generation using API keys and external service configuration. Even if technically the HTTP client may be implemented without third-party packages, the statement is misleading from a security and trust standpoint because it obscures reliance on external services and credentials.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
This module adds a hidden capability: it reaches outside the local game logic to generate content via an external LLM service, but the skill metadata only describes local gameplay features. Undeclared networked generation changes the trust boundary, can expose user inputs or operator credentials to third parties, and makes the skill behave beyond what a user would reasonably expect from the manifest.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The game skill reads unrelated local configuration files and environment-held credentials from other tools to bootstrap API access. That is a dangerous cross-context credential access pattern because a low-risk game acquires secrets the user may never have intended to share with it, expanding the blast radius if the skill is modified, compromised, or simply misused.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The module performs outbound API calls to an LLM service despite the skill being presented as a brain-teaser game. Undeclared network communication is risky because it can leak prompts, metadata, or future user content to external services and introduces remote dependency behavior that users and reviewers did not authorize.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The CLI exposes `reset-history` and `status` commands that are not part of the described player-facing game functionality. In an agent-skill context, hidden or undocumented administrative actions can let a user inspect session metadata or reset shared game state, causing information exposure and integrity issues across users even if there is no direct code execution.

Description-Behavior Mismatch

Low
Confidence
91% confidence
Finding
The code persists session and play-history data under the user's home cache directory without any disclosure in the skill metadata. Even though the data appears limited to game state rather than secrets, undisclosed local persistence is a real privacy and transparency issue because users may not expect the skill to create durable files and retain behavioral history across runs.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README advertises optional AI-based question generation and shows API key configuration, but it does not disclose that user prompts, question content, or session text may be transmitted to third-party model providers. This is a real transparency/privacy issue because users may enable the feature without understanding that their inputs could leave the local environment and be subject to external retention or logging.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The optional AI generation feature documents API keys and a remote API base but does not warn users that prompts, game context, or user inputs may be sent to an external service. This omission is risky because even a simple game can process user-provided text, and transmitting that text off-device without disclosure undermines user privacy expectations.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The code accesses API credentials from environment variables and local config files without any user-facing disclosure or consent specific to this skill. In the context of a casual game, secret access is especially inappropriate because users would not reasonably expect it to inspect local tool settings or reuse existing tokens.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill transmits prompts to an external API without clearly informing the user that network transmission is occurring. Even though the current prompt is a template, this establishes a remote data flow that could later include user-derived content, and it is inconsistent with the expectations for a simple puzzle game.

Natural-Language Policy Violations

Medium
Confidence
95% confidence
Finding
This entry contains a locale-specific derogatory term in user-facing game content. Even though it appears as part of a wordplay riddle rather than an explicit attack, it can still normalize offensive language, alienate users, and create reputational or compliance risk when surfaced to end users.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
History data is written, updated, and reset on disk without any explicit user notice or consent flow. In this game context the stored content is low sensitivity, but silent persistence and deletion can still create privacy concerns and surprise users, especially because generated questions and usage history may accumulate over time.

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
export BRAIN_TEASER_API_KEY=your-api-key
export BRAIN_TEASER_API_BASE=https://api.example.com/v1  # optional
export BRAIN_TEASER_MODEL=gpt-4  # optional
```
Confidence
92% confidence
Finding
https://api.example.com/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
export BRAIN_TEASER_API_KEY=your-api-key
export BRAIN_TEASER_API_BASE=https://api.example.com/v1  # optional
export BRAIN_TEASER_MODEL=gpt-4  # optional
```
Confidence
92% confidence
Finding
https://api.example.com/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
export BRAIN_TEASER_API_KEY=your-api-key
export BRAIN_TEASER_API_BASE=https://api.example.com/v1  # optional
export BRAIN_TEASER_MODEL=gpt-4  # optional
```
Confidence
92% confidence
Finding
https://api.example.com/

VirusTotal

63/63 vendors flagged this skill as clean.
