Security audit

Ashen Era Play

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed helper for launching a local Ashen Era CLI game run and writing a report, with no artifact-backed evidence of hidden data access, exfiltration, or destructive behavior.

Install only if you trust the publisher and are comfortable running a local native game executable. The visible files are purpose-aligned, but the referenced release archives were not present in the reviewed artifact set, so this review could not validate the actual game binary payload.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 89%
Finding:
The skill explicitly instructs the agent to invoke shell commands (`scripts/run-packed-cli.sh`, plus required binaries like `bash`, `tar`, `uname`, and `mktemp`) but does not declare corresponding permissions. This creates a capability/permission gap where reviewers or policy enforcement may underestimate what the skill can do, increasing the risk of unvetted command execution against local bundled artifacts or the host environment.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 96%
Finding:
The description promises a tightly constrained flow (`play` in English locale, no debug/cheat modes, complete a run and report back), but the analyzed behavior indicates arbitrary arguments can be passed through to the bundled CLI and restricted commands are not technically blocked. That mismatch is dangerous because users and reviewers may trust the documented safety constraints while the implementation can launch unintended modes or invoke hidden functionality in the packaged executable.

Vague Triggers

Medium
Confidence: 85%
Finding:
The default prompt is framed broadly enough to trigger game execution and reporting without strong user-confirmation boundaries or narrower activation conditions. In an agent setting, overly broad invocation text can cause unintended skill activation and unnecessary execution of bundled binaries, which increases operational and safety risk even if the skill is not overtly malicious.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.