Back to skill

Security audit

Game Scout

Security checks across malware telemetry and agentic risk

Overview

Game Scout is a disclosed game-research skill that uses third-party search and scraping services, with no evidence of hidden persistence, credential theft, destructive behavior, or unrelated local data access.

Install this only if you are comfortable sending game-related queries and source URLs to Exa, Bright Data, and YouTube tooling using your own API keys. Avoid private URLs, account details, access tokens, or sensitive notes in prompts, and keep the API keys in ~/.openclaw/.env out of source control or shared logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (12)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill invokes local scripts via `node` and `python3` and instructs reading local reference files, which implies shell execution and file-read capability without declaring corresponding permissions. This creates a transparency and policy-control gap: the host may permit actions the user was not clearly informed about, increasing the risk of unintended command execution or local file access during skill runs.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The script adds a general Twitter/X scraping capability via Bright Data that is broader than the stated game-strategy skill purpose. In an agent skill context, unrelated scraping utilities expand data-access and exfiltration surface, making it easier for the skill to collect third-party content or user-supplied targets without clear necessity or consent boundaries.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger guidance is very broad for a skill that performs live web aggregation, including generic phrases like 'how to play', 'what does X do', and effectively any mention of a video game by name. That can cause over-activation on ordinary conversation, leading the agent to unnecessarily invoke external search/scraping behavior, increasing data exposure, cost, and the chance of acting on untrusted web content.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The README tells users to place API credentials in a local env file but provides no guidance on protecting that file, avoiding commits, or limiting credential scope. While this is common setup documentation, omission of secret-handling precautions increases the likelihood of accidental exposure through source control, logs, screenshots, or permissive local file access.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger condition includes very broad language such as 'any question mentioning a video game by name,' which can cause the skill to activate on loosely related prompts. Over-triggering is risky here because the skill performs external searches and scraping, so unintended activation can lead to unnecessary third-party requests, broader data exposure to external services, and surprising behavior for users.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill prominently instructs use of Exa and Bright Data to search, scrape, and retrieve third-party content, including social media, but does not provide a user-facing warning or consent boundary around external data access. This is dangerous because user queries may be sent to multiple outside services and URLs may be scraped unexpectedly, creating privacy, compliance, and trust issues even if the underlying purpose is legitimate.

Missing User Warnings

Medium
Confidence
78% confidence
Finding
The script sends user-supplied URLs and optional country metadata to a third-party scraping provider without any meaningful notice, validation, or consent flow beyond terse CLI usage text. This creates a privacy and data-handling risk because users may unknowingly cause internal, sensitive, or identifying URLs to be transmitted to Bright Data.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
User-provided X/Twitter URLs are sent to Bright Data, a third-party service, with no explicit warning beyond CLI usage. This creates a privacy and trust risk because user-supplied targets and the fact of lookup are disclosed externally, which is especially concerning in an agent environment where users may not expect external brokerage/scraping providers to receive their inputs.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script transmits the user's raw query, optional domain filters, and potentially the same query again for summary generation to a third-party API without any explicit privacy notice or consent mechanism beyond CLI syntax. In an agent context, users may not realize their prompts are leaving the local environment, which can expose sensitive or identifying information if the query contains private data.

External Transmission

Medium
Category
Data Exfiltration
Content
// Step 1: Trigger async collection
const triggerResp = await fetch(
  `https://api.brightdata.com/datasets/v3/trigger?dataset_id=${datasetId}&notify=false&include_errors=true`,
  {
    method: "POST",
    headers,
Confidence
83% confidence
Finding
https://api.brightdata.com/

External Transmission

Medium
Category
Data Exfiltration
Content
if (includeSummary) body.contents.summary = { query };
}

const resp = await fetch("https://api.exa.ai/search", {
  method: "POST",
  headers: { "Content-Type": "application/json", "x-api-key": apiKey },
  body: JSON.stringify(body),
Confidence
88% confidence
Finding
fetch("https://api.exa.ai/search", { method: "POST"

External Transmission

Medium
Category
Data Exfiltration
Content
if (includeSummary) body.contents.summary = { query };
}

const resp = await fetch("https://api.exa.ai/search", {
  method: "POST",
  headers: { "Content-Type": "application/json", "x-api-key": apiKey },
  body: JSON.stringify(body),
Confidence
88% confidence
Finding
https://api.exa.ai/

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.