Back to skill

Security audit

pogo-pvp

Security checks across malware telemetry and agentic risk

Overview

This Pokémon GO PvP helper is purpose-aligned and local-only, but users should know it stores and can update a local inventory file.

Install only if you are comfortable with the skill keeping a local Pokémon inventory and refreshing public PvPoke data from GitHub. Review data/my_pokemon.json after using evaluation commands, because blank move fields may be filled with recommended moves automatically.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Tp4

High
Category
MCP Tool Poisoning
Confidence
86% confidence
Finding
If the skill actually writes user Pokémon data to local storage, updates records automatically, and performs inventory/team analysis beyond the declared query-only behavior, that is a real transparency and data-handling problem. Users and operators may believe they are invoking a read-only lookup tool when it persists personal gameplay data and changes local state, which can undermine consent, privacy expectations, and security review assumptions.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The evaluation path performs a hidden state-changing write to my_pokemon.json by auto-populating moves when none are present. A command that appears read-only but mutates persisted user data can overwrite user expectations, create integrity issues, and make later actions operate on data the user never explicitly approved.

Vague Triggers

High
Confidence
72% confidence
Finding
A single-character alias has very high collision risk with normal language and can cause unintended skill activation or incorrect entity resolution if the surrounding platform uses loose matching. In a conversational agent, this can be abused to steer workflows, trigger wrong lookups, or create prompt-routing confusion more easily than longer domain-specific aliases.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
This command silently writes recommended moves back to the user's stored dataset without any warning, confirmation, or clear indication in the response. Silent persistence is dangerous because users may trust evaluation as a non-destructive operation, while the code changes future behavior and could mask original user data or preferences.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.