Security audit

Ashen Era Play

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed helper for launching a local Ashen Era CLI game run and writing a report, with no artifact-backed evidence of hidden data access, exfiltration, or destructive behavior.

Install only if you trust the publisher and are comfortable running a local native game executable. The visible files are purpose-aligned, but the referenced release archives were not present in the reviewed artifact set, so this review could not validate the actual game binary payload.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration

Findings (3)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 89% confidence
Finding: The skill explicitly instructs the agent to invoke shell commands (`scripts/run-packed-cli.sh`, plus required binaries like `bash`, `tar`, `uname`, and `mktemp`) but does not declare corresponding permissions. This creates a capability/permission gap where reviewers or policy enforcement may underestimate what the skill can do, increasing the risk of unvetted command execution against local bundled artifacts or the host environment.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 96% confidence
Finding: The description promises a tightly constrained flow (`play` in English locale, no debug/cheat modes, complete a run and report back), but the analyzed behavior indicates arbitrary arguments can be passed through to the bundled CLI and restricted commands are not technically blocked. That mismatch is dangerous because users and reviewers may trust the documented safety constraints while the implementation can launch unintended modes or invoke hidden functionality in the packaged executable.

Vague Triggers

Medium

Confidence: 85% confidence
Finding: The default prompt is framed broadly enough to trigger game execution and reporting without strong user-confirmation boundaries or narrower activation conditions. In an agent setting, overly broad invocation text can cause unintended skill activation and unnecessary execution of bundled binaries, which increases operational and safety risk even if the skill is not overtly malicious.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.