ClawHub

Hytale Server

Security checks across malware telemetry and agentic risk

Overview

This skill transparently manages a local Hytale server, with expected use of a user-provided downloader, credentials file, and background server process.

Install only if you are comfortable running a local Hytale server and executing the official downloader you place in ~/hytale_server. Treat hytale-downloader-credentials.json as sensitive: keep the directory private, avoid committing or syncing it, and use restrictive file permissions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill instructs the user to place a credential file in a working directory and later run update operations, but it does not warn that this file contains sensitive authentication material or describe how it should be protected. In an agent skill context, omission of credential-handling guidance increases the chance that secrets are stored with weak permissions, exposed in logs, bundled into backups, or mishandled by follow-on automation.

Credential Access

High
Category
Privilege Escalation
Content
- Java 21+ (Installed)
- Screen (Installed)
- Hytale Downloader (User must provide)
- Credentials (User must provide `hytale-downloader-credentials.json` in `~/hytale_server`)

## Setup
Confidence
88% confidence
Finding
credentials.json

Credential Access

High
Category
Privilege Escalation
Content
- Make it executable: `chmod +x ~/hytale_server/hytale-downloader-linux-amd64`

2. **Add Credentials:**
   - Place your `hytale-downloader-credentials.json` in `~/hytale_server/`.

## Commands
Confidence
90% confidence
Finding
credentials.json

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal