Unity Plugin

Security checks across malware telemetry and agentic risk

Overview

This appears to be a genuine Unity editor bridge, but it grants broad project-changing and code-execution control without enough visible guardrails.

Install only if you intentionally want OpenClaw to control a Unity Editor session. Use it on backed-up or version-controlled projects, keep the gateway local and away from untrusted networks, and require explicit human review before using script.execute, package.add from Git, asset or scene deletion, save operations, batch execution, or input simulation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (11)

Context-Inappropriate Capability

Severity: High
Confidence: 98%
Finding: The documented `script.execute` capability allows reflection-based method invocation, which substantially exceeds simple Unity editor control and creates a generic code-execution surface inside the Unity process. In a skill that may be driven by natural-language requests, this can be abused to invoke unsafe project or editor APIs, mutate arbitrary state, or reach sensitive functionality not explicitly scoped by the tool list.

Context-Inappropriate Capability

Severity: Medium
Confidence: 91%
Finding: Allowing package installation from arbitrary Git URLs introduces remote code and dependency acquisition into the project, which is broader than the stated Unity editing/control purpose and can import untrusted code. This expands the attack surface from local editor manipulation to supply-chain compromise and unauthorized project modification.

Vague Triggers

Severity: Medium
Confidence: 85%
Finding: The manifest description is very broad and can cause the skill to trigger on many ordinary Unity-related requests without clear scoping or safety boundaries. Because this skill exposes powerful editor-control capabilities, overbroad matching increases the chance of unintended activation for destructive, privacy-sensitive, or project-altering operations.

Missing User Warnings

Severity: Medium
Confidence: 80%
Finding: The skill advertises numerous state-changing and destructive operations such as scene loading/saving, object destruction, asset deletion, package changes, and play-mode/editor control without prominent warnings about their consequences. In a Unity Editor context, accidental or overly eager use could corrupt project state, lose work, or introduce unwanted dependency and asset changes.

Missing User Warnings

Severity: High
Confidence: 97%
Finding: The examples explicitly promote arbitrary `script.execute` usage, including reflection-based method invocation, without any warning that this is effectively code execution inside the Unity environment. This materially raises risk because it can be used to run unsafe logic, mutate project or runtime state, access sensitive game/editor functionality, or invoke unintended APIs beyond the rest of the documented tool surface.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The plugin exposes a general-purpose `unity_execute` tool that can enqueue destructive editor actions such as `gameobject.delete`, scene manipulation, play/stop control, and input simulation without any confirmation, authorization gate, or policy restriction. In an agent setting, this materially increases the risk of unintended or prompt-induced destructive actions against an active Unity project, especially because the tool description explicitly advertises destructive capabilities and the implementation forwards arbitrary tool names/parameters to the connected editor.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding: `scene.open`, `scene.save`, and related scene-management operations can overwrite the active editor state and modify project content, yet the reference does not warn users that these actions are state-changing and potentially destructive. In an agentic context, lack of warnings increases the risk of accidental data loss or unintended edits being performed without informed consent.

Missing User Warnings

Severity: High
Confidence: 96%
Finding: The reference exposes direct object and asset deletion operations without emphasizing that they can irreversibly remove scene objects or project files. In a tool-driven agent workflow, undocumented destructive behavior makes accidental or malicious deletion materially easier and can cause substantial project corruption or loss.

Missing User Warnings

Severity: High
Confidence: 98%
Finding: The command-execution feature is documented as supporting reflection-based calls but lacks any warning about its ability to invoke arbitrary project/editor functionality. Because this is effectively a privileged execution primitive inside Unity, the absence of safety guidance materially increases the chance of misuse, hidden side effects, and execution of dangerous methods.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding: Input simulation tools can click UI, type text, press keys, and drive gameplay/editor interactions, which can trigger unintended actions such as deleting assets, changing settings, or confirming dialogs. While such tools fit the Unity testing use case, the lack of warnings or guardrails makes accidental misuse more likely in an autonomous-agent setting.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding: Package installation is described without warning that it changes project dependencies and may fetch remote code, especially when using Git URLs. In practice this can alter the build, execute imported editor scripts, or introduce malicious dependencies, making the omission security-relevant rather than purely informational.

VirusTotal

65/65 vendors flagged this skill as clean.