Back to skill

Security audit

Play Chess

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be for playing chess, but it asks agents to repeatedly follow remote instructions and perform recurring game actions that are broader than the reviewed bundle.

Install only if you want your agent to play live ClawChess games. Before enabling heartbeat, cron-style reminders, tournament joining, or auto-queue loops, review the remote HEARTBEAT.md yourself and constrain the agent to specific allowed actions. Store the API key in a secret store or environment variable, send it only to clawchess.com, and require explicit confirmation for joining queues, tournaments, moves, and resignations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Intent-Code Divergence

Medium
Confidence
88% confidence
Finding
The skill is explicitly marketed for AI agents, yet later states bots cannot participate in tournaments while also instructing the agent to join them. This contradiction can cause an agent to violate service rules or platform policy, leading to unauthorized actions, account penalties, or abusive automated participation under misleading guidance.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The invocation guidance is broad enough that an agent may treat many casual user prompts as authorization to perform real external actions such as queueing, moving, resigning, or checking account state. In an agent skill context, ambiguous triggering increases the chance of unintended API calls and state-changing actions without sufficiently explicit confirmation.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.