
Security checks across malware telemetry and agentic risk

Overview

This is a real SiliVille game integration, but it gives an agent broad authority to post publicly, alter game state, run unattended, and persist token-related state with weak user-control boundaries.

Install only if you intentionally want an agent to act as an autonomous SiliVille persona. Use a dedicated revocable token, avoid indefinite autopilot or broad aliases, review posts and game actions before enabling automation, and confirm where local token or anchor files are stored and how to delete them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 96%
Finding
The skill defines broad natural-language aliases that can activate real external actions from ordinary user phrases like 'go play' or 'check on my town'. Because the skill also defaults ambiguous commands to a full autonomous loop, it creates a prompt-trigger surface where casual conversation can cause posting, stealing, travel, and other side effects without clear, explicit consent at invocation time.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill is framed as an identity/protocol but instructs the agent to perform external API actions that publish public content and modify in-game state. Users are not clearly warned up front that invoking the skill can cause public posting, theft actions, and persistent account activity, which increases the risk of unintended real-world side effects and account misuse.

Missing User Warnings

Medium
Confidence: 95%
Finding
The autopilot section encourages unattended, recurring execution schedules including aggressive high-frequency operation and large numbers of posts/actions per day. Even though some throttling rails are mentioned, the design still enables continuous public posting and gameplay actions without robust human-in-the-loop approval, making misuse, spam, rate abuse, and runaway behavior substantially more likely.
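The two findings above (vague triggers that fall through to a full autonomous loop, and an autopilot mode with no human-in-the-loop approval) share one root cause: side-effecting actions are reachable without an explicit consent step. The gate below is an added example, not code from the SiliVille skill or from SkillSpector. The trigger table, action names and daily budget are hypothetical; the point is that an ambiguous phrase like "go play" resolves to "ask the user", never to autopilot, that any action which posts publicly or changes game state needs explicit confirmation, and that unattended runs are confined to a pre-approved action list and a hard per-day budget.

```python
"""Consent gate for an agent skill that can post publicly or change game state.

Added example (hypothetical trigger table and action names); not the
SiliVille skill's own dispatch logic.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional, Set


class Effect(Enum):
    READ_ONLY = "read_only"        # e.g. check town status
    PUBLIC_POST = "public_post"    # publishes content under the persona
    STATE_CHANGE = "state_change"  # steal, travel, other irreversible game moves


# Hypothetical alias table. A value of None marks a phrase that is too vague
# to commit to any action; the vulnerable design would send it to autopilot.
TRIGGERS = {
    "check on my town": ("status", Effect.READ_ONLY),
    "post an update": ("post", Effect.PUBLIC_POST),
    "steal from": ("steal", Effect.STATE_CHANGE),
    "travel to": ("travel", Effect.STATE_CHANGE),
    "go play": None,
}


@dataclass
class Decision:
    action: Optional[str]
    allowed: bool
    reason: str


@dataclass
class Gate:
    consented: Set[str] = field(default_factory=set)  # actions the user approved
    autopilot_enabled: bool = False
    daily_budget: int = 20   # hard cap on unattended side effects per day
    used_today: int = 0

    def resolve(self, phrase: str):
        """Match the phrase against known aliases; return (alias, target)."""
        p = phrase.strip().lower()
        for alias, target in TRIGGERS.items():
            if alias in p:
                return alias, target
        return None, None

    def decide(self, phrase: str, explicit_confirm: bool = False) -> Decision:
        """Interactive path: decide whether a user phrase may trigger an action."""
        alias, target = self.resolve(phrase)
        if alias is None:
            return Decision(None, False, "no matching trigger")
        if target is None:
            # The fix for the vague-trigger finding: ask, do not start a loop.
            return Decision(None, False,
                            f"ambiguous phrase {alias!r}: ask the user, never default to autopilot")
        action, effect = target
        if effect is Effect.READ_ONLY:
            return Decision(action, True, "read-only, no confirmation needed")
        if explicit_confirm or action in self.consented:
            return Decision(action, True, "explicit consent on record")
        return Decision(action, False, f"{effect.value} requires explicit confirmation")

    def autopilot_step(self, action: str) -> Decision:
        """Unattended path: only pre-approved actions, only within budget."""
        if not self.autopilot_enabled:
            return Decision(action, False, "autopilot disabled")
        if action not in self.consented:
            return Decision(action, False, "action not on the approved list")
        if self.used_today >= self.daily_budget:
            return Decision(action, False, "daily budget exhausted; needs a human")
        self.used_today += 1
        return Decision(action, True, "within budget")
```

In practice the consented set and the budget belong in the skill's configuration, not in its prompt text, so that a prompt-injected instruction cannot silently widen them.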

Missing User Warnings

Medium
Confidence: 88%
Finding
The manifest explicitly advertises writing persistent data to disk, including saved token state and API anchors, without a clear warning about what is stored, where it is stored, and how long it persists. In an agent environment, silent persistence can retain sensitive credentials or behavioral state across sessions, increasing the risk of credential leakage, unintended tracking, or misuse by other local processes/users.
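The overview's advice to confirm where token and anchor files are stored, and how to delete them, can be turned into a concrete check. The audit below is an added example and assumes nothing about the real skill's file names or layout: it walks a state directory, flags files whose mode lets group or other read them, flags names that look like credential state (the hint list is a hypothetical heuristic), and offers a purge that overwrites and unlinks every file. The demo directory it builds is constructed sample data, not a capture from a real install.

```python
"""Audit and purge an agent skill's on-disk state directory.

Added example; file names, the TOKEN_HINTS heuristic and the demo directory
are hypothetical, not taken from the SiliVille skill.
"""
import os
import stat
import tempfile
from pathlib import Path

# Hypothetical heuristic: names that usually mean credential or session state.
TOKEN_HINTS = ("token", "anchor", "session", "auth")


def audit_state_dir(state_dir):
    """Return {relative_path: (mode, [issues])} for every regular file."""
    root = Path(state_dir)
    report = {}
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        mode = stat.S_IMODE(p.stat().st_mode)
        issues = []
        # Anything readable by group or other is exposed to other local users.
        if mode & (stat.S_IRGRP | stat.S_IROTH):
            issues.append("readable by group/other")
        if any(h in p.name.lower() for h in TOKEN_HINTS):
            issues.append("looks like credential state")
        report[str(p.relative_to(root))] = (mode, issues)
    return report


def purge_state_dir(state_dir):
    """Overwrite each file with zeros, then unlink it. Returns files removed.

    Overwriting is best effort on journaling or copy-on-write filesystems; the
    unlink is what matters for the "how do I delete it" question.
    """
    files = [p for p in Path(state_dir).rglob("*") if p.is_file()]
    for p in files:
        size = p.stat().st_size
        with open(p, "r+b") as f:
            f.write(b"\0" * size)
        p.unlink()
    return len(files)


def make_demo_dir():
    """Constructed sample: a world-readable token file next to a locked-down anchor file."""
    d = tempfile.mkdtemp(prefix="skill-state-")
    tok = Path(d) / "token.json"
    tok.write_text('{"access_token": "EXAMPLE-NOT-REAL"}')
    os.chmod(tok, 0o644)   # the weak setting: readable by every local user
    anchor = Path(d) / "anchors.json"
    anchor.write_text("{}")
    os.chmod(anchor, 0o600)  # the corrected setting: owner only
    return d


if __name__ == "__main__":
    demo = make_demo_dir()
    for rel, (mode, issues) in audit_state_dir(demo).items():
        print(f"{rel:16} {oct(mode)} {', '.join(issues) or 'ok'}")
    print("removed", purge_state_dir(demo), "files")
```

Run it against the directory the skill actually writes to once you have located it; a clean result is every file at mode 0600 and a purge that leaves nothing behind.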

VirusTotal

66/66 vendors flagged this skill as clean.
