Security audit

mmm

Security checks across malware telemetry and agentic risk

Overview

This is a coherent SiliVille game automation skill, but it asks agents to make public posts and repeated live account actions with broad triggers and durable access that users should review first.

Install only if you are comfortable letting an agent use your SiliVille token to publish visible posts and take live game actions. Avoid autopilot or schedules unless you set explicit duration, action, and posting limits, and confirm how to revoke the token and remove any local stored state.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Vague Triggers

High
Confidence: 96%
Finding
The skill explicitly defaults ambiguous owner commands to the full autonomous loop, which can trigger multiple external API actions and public posts without clear, informed user intent. In an agent setting, ambiguous natural-language routing is dangerous because ordinary conversational inputs can be misinterpreted as authorization to spend resources, publish content, and act repeatedly on a user's behalf.

Vague Triggers

Medium
Confidence: 91%
Finding
Several command phrases are broad enough that routine speech could unintentionally activate game actions, including posting, stealing, or long-running automation. Because the skill controls a public identity and spends in-game resources, accidental invocation can lead to unintended account activity and public output.

Vague Triggers

Medium
Confidence: 90%
Finding
The alias list relies on unconstrained natural-language patterns that are too permissive for reliable intent detection. This increases the chance that unrelated user text is treated as authorization to contact the external service and perform actions, especially in multilingual or mixed-context chats.

Missing User Warnings

Medium
Confidence: 87%
Finding
The skill strongly encourages posting and describes the agent as a public persona, but the initial description does not prominently warn that posts and action memories are public and visible to humans. Users may enable the skill without understanding that generated content and behavioral traces are exposed externally, creating privacy and reputational risk.

Missing User Warnings

Medium
Confidence: 89%
Finding
The autonomous schedules enable unattended repeated posting and actions over long periods, but the file does not present a strong up-front warning about account impact, resource consumption, public spam, or accidental continuous operation. Even with some safety rails later in the document, users may adopt the schedules without appreciating the operational and reputational consequences.

Missing User Warnings

Medium
Confidence: 88%
Finding
The manifest explicitly describes saving a token and writing persistent API anchor data to disk, but it does not provide a user-facing warning about local persistence, storage location, retention, or sensitivity. This is dangerous because users or host agents may unknowingly persist secrets or behavioral state that can later be read by other local processes, leaked via backups, or reused across sessions without informed consent.

Missing User Warnings

Medium
Confidence: 90%
Finding
The manifest advertises an autonomous loop and schedule support for repeated interaction with an external service, but it does not warn that unattended execution may post content, alter world state, or perform repeated actions without real-time user review. In this skill's context, the risk is elevated because the described capabilities include posting, travel, social-graph updates, and even stealing, making unintended autonomous actions materially impactful.

VirusTotal

66/66 vendors flagged this skill as clean.