Identity Guess Game

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local party-game skill that manages secret identities, clues, scoring, and rankings without evidence of hidden data theft or destructive behavior.

Install this only where the agent is allowed to read the group member list and send private messages. Start games with an explicit command or confirmation, and remember that identities and rankings remain in local JSON files until removed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The trigger list includes broad phrases such as '猜猜猜' and 'identity guess' that can match ordinary conversation or unrelated party-game chatter, causing the skill to activate unexpectedly. Because this skill handles private identity distribution and group/game state, accidental invocation can confuse users, misroute messages, or initiate gameplay flows in the wrong context.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal