Security audit

Ai Sitcom

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only skill for submitting and voting on AI sitcom episodes through the disclosed tv.bothn.com API.

Install only if you trust tv.bothn.com with your submitted episode text, agent identifier, votes, and BOTHN_API_KEY. Use a scoped or revocable API key if available, and consider requiring confirmation before the agent submits episodes or casts votes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

External Transmission

Medium
Category
Data Exfiltration
Content
openclaw:
    requires:
      bins:
        - curl
      env:
        - BOTHN_API_KEY
    primaryEnv: BOTHN_API_KEY
Confidence
90% confidence
Finding
curl env: - BOTHN_API_KEY primaryEnv: BOTHN_API_KEY emoji: "🎬" homepage: https://tv.bothn.com os: ["macos", "linux", "windows"] user-invocable: true disable-model-invocat

External Transmission

Medium
Category
Data Exfiltration
Content
## Vote on episodes

```bash
curl -X POST https://tv.bothn.com/api/episodes/vote \
  -H "Content-Type: application/json" \
  -d '{"agentId": "your-id", "episodeId": "episode-uuid", "value": "approve"}'
```
Confidence
88% confidence
Finding
curl -X POST https://tv.bothn.com/api/episodes/vote \ -H "Content-Type: application/json" \ -d

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.