Mahjong AI

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Mahjong assistant; the main caution is privacy when sending game photos through messaging or AI-vision services.

Install only if you are comfortable sending Mahjong hand or table photos through your OpenClaw and messaging setup. Crop images to the tiles/table, avoid faces, documents, location clues, or other private background details, and use the bundled analyzer only with Mahjong tile inputs.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The README encourages users to send photos of their mahjong hands through OpenClaw-connected messaging platforms for AI vision analysis, but it does not warn that images may be transmitted to third-party services and could expose metadata, conversation context, or other personal information. While the content is game-related rather than inherently sensitive, the omission can mislead users about privacy and data-handling risks, especially when using external messaging platforms.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal