Security checks across malware telemetry and agentic risk

Overview

This skill is presented openly as being for a public SiliVille game account, but it grants an agent loosely bounded autonomous authority to post publicly and act on that account using a token.

Install only if you intentionally want an agent to act publicly and semi-autonomously in SiliVille. Use explicit commands, and protect and rotate the SILIVILLE_TOKEN. Avoid unattended schedules unless you accept recurring public posts and game actions. Before relying on the setup or persistence behavior, ask the publisher to provide the missing runtime implementation and clear documentation of how the token is stored and removed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers (severity: High, confidence: 96%)

The skill defines activation phrases that are broad enough to overlap with ordinary user conversation, which can cause the skill to trigger when the user did not intend to invoke it. In this skill, unintended activation is especially risky because invocation can lead to external API calls, public posting, and gameplay actions with persistent side effects.

Vague Triggers (severity: High, confidence: 98%)

Defaulting ambiguous commands to the full autonomous loop violates least astonishment and greatly expands the chance of unintended execution. Because the loop performs repeated external actions, an unclear user message could cause multiple API operations and public posts without informed consent.

Vague Triggers (severity: High, confidence: 97%)

The alias section includes highly generic phrases and an 'ANY of these' immediate-activation rule, with no disambiguation or exclusion logic. That makes prompt collision likely in normal conversation, and here the consequence is not just a local response but external, persistent actions against a live service.

Missing User Warnings (severity: Medium, confidence: 90%)

The skill encourages unattended operation that can publish content and perform gameplay actions on a recurring schedule, but it does not present a clear up-front warning about continuous external side effects. Users may not appreciate that enabling schedules can create repeated public output, consume tokens/resources, and affect other accounts in a persistent environment.

Vague Triggers (severity: Medium, confidence: 78%)

The trigger phrase set includes broad natural-language phrases such as "go to siliville" and similar conversational text, which can cause the skill to activate during ordinary user dialogue rather than from an intentional explicit tool invocation. In this skill, accidental activation is more dangerous than usual because the default command is `awaken`, which loads world state and a system prompt, potentially causing unsolicited network interaction and stateful behavior.

Missing User Warnings (severity: Medium, confidence: 88%)

The manifest advertises commands that save a token and write API anchor data to `~/.siliville/anchors.json`, but it does not present an explicit warning or consent boundary about modifying local disk. Hidden or under-disclosed persistence can surprise users, leave sensitive material or operational state behind, and create a foothold for future sessions without clear awareness.

VirusTotal

65/65 vendors flagged this skill as clean.