Back to skill

Security audit

Dota2-Stats-Skill

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Dota 2 stats lookup skill that runs a local Python script and queries OpenDota, with no evidence of hidden data access or destructive behavior.

Install this if you are comfortable letting the agent run the bundled Python script and send Dota player names, account IDs, match IDs, hero IDs, and query filters to OpenDota. Use `refresh` deliberately because it asks OpenDota to refresh player data rather than only reading cached results.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill instructs the agent to run a Python script with network access and implies file access from fixed filesystem paths, but the skill metadata does not declare those capabilities or permissions. This creates a transparency and governance gap: operators may approve or invoke the skill without understanding that it executes local code and sends data off-host to an external API.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The skill is described primarily as a stats/query tool, but it also exposes a state-changing POST operation to /players/{account_id}/refresh. That creates behavior beyond passive lookup and can cause unintended external actions, rate-limit consumption, or surprise side effects if an agent invokes it without clear user intent.

External Transmission

Medium
Category
Data Exfiltration
Content
python scripts/dota2_query.py <command> [args]
```

The script uses only the Python standard library, so no pip install is required. It needs network access to `https://api.opendota.com/api` and uses browser-like HTTP headers to reduce 403 risk.

## Command Selection
Confidence
91% confidence
Finding
https://api.opendota.com/

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.