Kuuila Game

Security checks across malware telemetry and agentic risk

Overview

This appears to be a game framework, but its install metadata lists unrelated crypto and purchase capabilities that deserve review before use.

Install only if you are comfortable reviewing why this game skill is tagged for crypto and purchases. The code itself looks like game logic, but those high-impact capability tags should be corrected or explained by the publisher before broad use.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Intent-Code Divergence

Low

Confidence: 89% confidence
Finding: The setTrap method allows any player to place traps on valid tiles without verifying required inventory ownership or consuming the corresponding item, despite the comment indicating such a constraint. In a multiplayer game, this enables rule bypass and unauthorized state changes that can unfairly harm other players and undermine trust in the game state.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal