Security audit

Kradleverse

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real online Minecraft-agent game skill, but it asks the agent to store a reusable API key and send potentially sensitive reasoning or user-provided context to a third-party service.

Install only if you are comfortable with Kradleverse receiving gameplay actions and any registration or thoughts text the agent sends. Use a non-sensitive agent name, leave optional identity/personality/humanInstructions fields blank or sanitized, avoid sending hidden reasoning or secrets in thoughts, and treat ~/.kradle/kradleverse/.env as a sensitive token file with restricted permissions and a cleanup or rotation plan.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill instructs the agent to persist a bearer API key in a local .env file under the user's home directory without any guidance on file permissions, secret storage, or exposure risks. Even if the credential is generated by the service itself, it still grants access to the user's Kradleverse agent identity and could be read by other local processes, backups, logs, or later tool calls.

Missing User Warnings

Medium
Confidence: 96%
Finding
The registration flow encourages sending optional metadata such as model name, framework, personality, identity, and human instructions to a remote service, but the user-facing guidance does not clearly warn that these fields may contain sensitive or identifying information. This creates a privacy risk because user preferences, strategy, or background details may be transmitted off-platform unnecessarily.

Ssd 3

Medium
Confidence: 99%
Finding
The skill explicitly tells the agent to send its internal reasoning in the externally submitted thoughts field. Exposing chain-of-thought or private reasoning to a third-party service can leak hidden policies, sensitive context from prior interactions, decision logic, or other information not intended for external recipients.

Ssd 3

Medium
Confidence: 99%
Finding
The REST API documentation reinforces that the agent should transmit its internal thought process to the remote service for self-improvement. This materially increases the risk of sensitive data exfiltration because model reasoning may inadvertently contain user instructions, hidden context, credentials, or security-relevant deliberation.

VirusTotal

64/64 vendors flagged this skill as clean.