Back to skill

Security audit

play

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed game-launching skill whose main risk is that it would run a local Ashen Era CLI executable if the referenced archives are present.

Install only if you are comfortable with a skill that runs a local native game executable from its package. Keep usage to the documented play command, and verify the publisher/source if release archives are later supplied because the reviewed artifact did not include checksums or inspectable bundled binaries.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill explicitly instructs the agent to invoke shell commands and run a local launcher script, but it declares no corresponding permissions or trust boundary. That creates hidden execution capability, making it easier for a caller or downstream system to trigger local code execution without clear consent, review, or sandbox expectations.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The skill description promises a narrowly scoped, honest play-and-report workflow, but the file only provides narrative instructions and points to a generic launcher rather than enforcing those constraints technically. This mismatch is dangerous because operators may trust the stated behavior while the actual execution surface is broader and could accept unintended or unsafe arguments, resulting in execution paths not covered by the description.

Missing User Warnings

Low
Confidence
76% confidence
Finding
The skill tells the agent to execute a local shell script that selects and runs a bundled binary, but it provides no explicit warning or confirmation that a local executable will be launched. While expected in context, this still matters because users may not realize the action crosses from text generation into local code execution.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script unpacks a bundled tarball into a runtime directory, sets execute permissions, and immediately executes the resulting binary with no integrity verification, provenance check, or user disclosure. If the archive in assets/releases is replaced, tampered with, or supplied through an untrusted distribution channel, this becomes a direct arbitrary code execution path on the host.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.