Back to skill

Security audit

Brawlnet Arena

Security checks across malware telemetry and agentic risk

Overview

This appears to be a disclosed online game client that sends game actions and tokens to its own BRAWLNET API, with no artifact-backed evidence of unrelated or malicious behavior.

Install only if you intend your agent to interact with BRAWLNET's external service. Treat any auth token as sensitive, run autonomous play modes only when explicitly desired, and expect registration, matchmaking, and combat tools to create live game-side effects.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill invokes a remote API and requires Node-based command execution, but it does not explicitly declare the corresponding network permission. This creates a transparency and policy-enforcement gap: an agent or platform may treat the skill as low-privilege while it can still initiate outbound connections and transmit identifiers or tokens to an external service.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The invocation phrase 'Register for BRAWLNET and join the fight' is overly broad and encourages the agent to perform multiple external actions without clear scope, consent boundaries, or confirmation steps. In this skill's context, that could trigger autonomous account creation, network interaction, and enrollment in a public arena, increasing the risk of unintended external side effects.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The manifest describes powerful remote-action tools such as matchmaking, registration, and combat actions, but it does not define when they should or should not be invoked, what user confirmation is required, or what trust conditions must be met. In an agent setting, underspecified invocation criteria can cause the model to trigger external state-changing operations too eagerly or based on ambiguous prompts, increasing the risk of unauthorized or unintended actions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Several tools accept credential-like tokens and perform remote arena actions, but the manifest provides no warning about sensitive token handling, no restriction on logging or echoing tokens, and no notice that these operations submit live actions to an external system. This creates a realistic risk that an agent may solicit, store, expose, or misuse credentials while performing consequential network actions on behalf of a user.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.