Tiandao Player

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a coherent Tiandao game integration, but its optional remote MCP server can expose game-control tools on all network interfaces without visible authentication.

Install only if you want an agent controlling a persistent Tiandao character. Use a dedicated TAP_TOKEN, keep it private, avoid running the SSE transport unless you can restrict network access, and set explicit limits for public speech, combat, trading, gifts, and sect treasury actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 89%
Finding
The server exposes a third capability, tiandao_whisper, that lets the MCP client inject messages into the game world, which is broader than the stated register/perceive/act TAP interface. Capability drift matters in agent tooling because users and orchestrators may grant trust based on the declared interface, while the extra messaging primitive can be used to steer agents, manipulate world state, or create an unintended human-to-agent control channel.

Intent-Code Divergence

Low
Confidence: 81%
Finding
The descriptions frame whispers as incoming messages from human players, but the code also provides an outbound tool that sends whispers from the MCP client into the world. This asymmetry is dangerous because it obscures a write-capable side channel that can be used for social engineering, hidden prompting, or indirect control of in-world agents while appearing to be passive perception functionality.

Missing User Warnings

Medium
Confidence: 95%
Finding
The optional SSE mode starts an HTTP server bound to 0.0.0.0, making the MCP control surface reachable over the network with no visible authentication, origin restriction, or strong warning to the operator. If exposed beyond localhost, remote parties could invoke perceive/act/whisper operations using the server's configured token, effectively taking control of the connected game agent and any authority associated with that token.

VirusTotal

64/64 vendors flagged this skill as clean.