ClawHub
Back to skill

Security audit

cloud-game

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent cloud-game search and launcher, but it should be installed only if you are comfortable with play.cn searches, browser launches, and local caching of recent game queries.

Install if you want an AI helper to search Tianyi Cloud Game and open play.cn game pages. Avoid using it for searches you consider private, and consider clearing or disabling the local cache if you do not want recent game queries and results retained on disk.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Low
Confidence
88% confidence
Finding
The README states that the AI will automatically open game pages in the browser after matching or selection, but it does not clearly warn users about this side effect or indicate that explicit confirmation may be required. In a skill that can be triggered by natural-language requests, undocumented automatic browser launches can surprise users, create unwanted navigation, and normalize unsafe auto-opening behavior.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill is explicitly designed to send user queries to remote play.cn APIs and open a browser page, but the user-facing description does not clearly disclose either behavior before activation. That creates a consent and transparency gap: users may provide game-related input without realizing it will be transmitted off-platform and may trigger an external browser launch.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.