问道笔录Game

Security checks across malware telemetry and agentic risk

Overview

This is a coherent text adventure skill that stores and updates local game progress, with no evidence of hidden code execution, credential access, or data exfiltration.

Install this as a game skill, preferably in a dedicated folder. Use fictional character details if you do not want personal details saved, and keep a backup if you care about preserving a previous game_state.md file before starting a new cycle.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill explicitly instructs updating persistent game state with reincarnation data, but the surrounding flow does not present a clear user-facing warning that state will be modified or that prior run data may be reset or overwritten. In an agent setting, this can cause unintended destructive changes if the model executes the transition automatically or the user does not realize the permanence of the action.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The new-cycle instructions include resetting character information, clearing the inventory, and clearing current-life history while preserving only selected inheritance data. These are destructive state transitions, and the skill does not require an explicit confirmation at the point of action, creating risk of accidental data loss or irreversible progression changes.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal