RAWG

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed RAWG video game data connector that uses OOMOL's `oo` CLI for read-only lookups and searches.

Install this if you want your agent to query RAWG through OOMOL. Be aware it uses your connected OOMOL/RAWG account and may consume OOMOL credits; only complete CLI installation, login, or RAWG connection steps when you intentionally want that integration enabled.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The instruction to use this skill for ANY RAWG request is overly broad and can override normal tool-selection judgment, causing the agent to invoke the skill whenever RAWG is merely mentioned. In a broader agent environment, such blanket routing can increase attack surface, create unintended external calls, and make prompt-injection or context-confusion attacks easier to trigger.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal