Security audit

Amap Citywalk Mystery

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent location-based city exploration game, but it requires precise GPS check-ins and user photos through an external service without enough privacy or access-control disclosure.

Review this carefully before installing. It is intended to collect precise location check-ins and have users upload on-site photos; only use it if you trust the hosted service operator and are comfortable with that data flow. The publisher should add a clear privacy notice and document authorization controls for question uploads and check-in session creation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Tp4

High
Category
MCP Tool Poisoning
Confidence
91% confidence
Finding
The declared description emphasizes an Amap-based city mystery experience, but the actual behavior includes weather queries, backend interactions for question management and answer verification, and creation of check-in/location URLs through an external service. This hidden expansion of data flows and third-party processing can mislead users and reviewers about what data is collected, where it is sent, and which external systems participate in the experience.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The client exposes a backend write operation that uploads question-bank content, which goes beyond a typical player-facing city exploration assistant and enables modification of shared application data. If this script is accessible to the skill runtime or users without strong server-side authorization, it could be abused to inject malicious, misleading, or inappropriate content into the game experience.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The check-in command creates backend sessions and returns a live check-in URL, which is a state-changing operation not clearly limited to trusted operators. In a user-facing exploration skill, exposing session creation increases the risk of unauthorized session spawning, spam, or abuse of location-linked workflows if server controls are weak or absent.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README makes GPS location sharing and on-site photo uploads mandatory for gameplay, but it does not disclose how sensitive location and image data will be handled, stored, shared, or protected. Because this skill is explicitly designed around real-world movement and verification, the omission creates a meaningful privacy and safety risk, especially if users unknowingly expose home/work patterns or identifiable imagery.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill instructs users to click a link that triggers GPS collection and sends precise location to a service, but it does not clearly warn that exact coordinates will be shared with a backend or explain retention, purpose, and who receives the data. Precise geolocation is highly sensitive, and collecting it through an external check-in flow in chat-based contexts increases the risk of uninformed consent and privacy harm.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill requires users to upload photos for AI-based scene and clue verification, but it does not explicitly disclose that images will be processed by an AI model and possibly external services. User photos may contain faces, bystanders, home/work details, EXIF metadata, or other sensitive contextual information, making undisclosed image processing a meaningful privacy risk.

Unpinned Dependencies

Low
Category
Supply Chain
Content
"author": "sunfj",
  "license": "MIT",
  "dependencies": {
    "axios": "^1.18.1"
  }
}
Confidence
90% confidence
Finding
"axios": "^1.18.1"

VirusTotal

VirusTotal findings are pending for this skill version.
