WoW Lookup

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed World of Warcraft lookup helper that uses expected game-data APIs, with some credential-handling and install-scope cautions but no artifact-backed malicious behavior.

Install only if you trust the separate `wow` CLI that will be symlinked, since the executable was not included in the reviewed artifact. Prefer environment variables or a protected config file with restrictive permissions for Blizzard and Warcraft Logs secrets, and expect character names, realms, regions, and optional API credentials to be used with the relevant third-party services.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Rogue AgentSelf-Modification, Session Persistence
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Missing User Warnings

Low

Confidence: 89% confidence
Finding: The skill clearly performs network-backed lookups against Raider.io and optionally Blizzard and Warcraft Logs, but it does not explicitly disclose that user-supplied character identifiers and configured credentials will be transmitted to third-party services. This is primarily a privacy/transparency issue rather than code execution, but it can still expose user queries and operational metadata to external providers without informed consent.

Session Persistence

Medium

Category: Rogue Agent
Content: ### Config File Create `~/.config/wow/config.env`: ```bash # Defaults
Confidence: 83% confidence
Finding: Create `~/.config

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal