Unity Skill

Security checks across malware telemetry and agentic risk

Overview

This Unity skill is purpose-built for editor control, but it gives an AI bridge broad project-changing, code-executing, and package-installing authority without visible per-action safeguards.

Install only if you intend to let OpenClaw control and modify Unity projects. Keep disableModelInvocation enabled, use version control or backups, restrict gateway access to trusted/local use, and require explicit human approval before using script.execute, package.add/remove, asset deletion, save operations, input automation, or batch execution.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (13)

Description-Behavior Mismatch

High
Confidence: 96%
Finding
The skill is presented as Unity Editor control, but it also exposes `script.execute` and reflection-based invocation, which enables arbitrary code execution inside the Unity process. That materially expands the trust boundary from editor automation to full in-process execution, allowing modification of project data, execution of dangerous editor/runtime APIs, and potential pivoting into the host environment through Unity/.NET capabilities.

Context-Inappropriate Capability

High
Confidence: 98%
Finding
The documented examples show direct execution of arbitrary C# snippets and reflection-based method calls, which is effectively remote code execution within the Unity Editor or Play mode context. In this environment, code can alter scenes, assets, editor state, PlayerPrefs, packages, and potentially access filesystem or network-capable APIs available to Unity/.NET code.

Description-Behavior Mismatch

Medium
Confidence: 84%
Finding
The tool reference exposes package installation and removal, including Git-based package sources, which expands the skill from editor control into project dependency modification and code import. That increases supply-chain and project integrity risk, especially if users or downstream agents are not clearly informed that third-party code can be pulled into the Unity project.

Description-Behavior Mismatch

High
Confidence: 97%
Finding
The documented script.execute tool supports reflection-based method calls, which effectively enables arbitrary invocation of project code and state-changing operations beyond the manifest's stated scope. In a Unity environment, this can trigger hidden editor scripts, modify assets or settings, and execute unsafe side effects with the user's editor privileges.

Context-Inappropriate Capability

Medium
Confidence: 89%
Finding
session.getInfo returns machineName, processId, and sessionId, exposing host and process identity data not clearly necessary for ordinary Unity development tasks. Such metadata can aid fingerprinting, cross-session correlation, or targeting of specific hosts in multi-tool environments.

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill documents destructive operations such as object destruction, asset movement/deletion, scene loading/saving, package changes, and other state-changing actions without prominent warnings about irreversible project impact. In a tool that can directly mutate Unity projects, lack of user-facing safety warnings increases the risk of accidental destructive actions and data loss.

Missing User Warnings

High
Confidence: 95%
Finding
Examples normalize arbitrary script execution and reflection calls without any warning that these operations can execute unbounded code in the Unity process. That omission is dangerous because users may treat the examples as routine editor automation while they actually permit highly privileged actions affecting project integrity and potentially the surrounding environment.

Missing User Warnings

Medium
Confidence: 92%
Finding
The plugin exposes a generic `unity_execute` tool that can invoke destructive Unity Editor operations such as deleting GameObjects, changing scene state, entering Play mode, or simulating input, without any confirmation, allowlist enforcement, or safety interlock. In an agent setting, this materially increases the risk of unintended or prompt-induced destructive actions against an active Unity project, especially because the tool description explicitly advertises dangerous capabilities.

Missing User Warnings

Medium
Confidence: 82%
Finding
Scene-opening and saving operations can overwrite editor state and persist unintended changes, but the documentation presents them without any warning about data impact. In an agent-driven workflow, omission of such warnings makes accidental destructive actions more likely because users may not realize these tools modify project files.

Missing User Warnings

Medium
Confidence: 94%
Finding
The documented destroy/delete tools perform destructive object removal without warning about irreversible or hard-to-audit effects on the active scene. In this skill context, an agent can rapidly alter or remove scene content, causing data loss or difficult-to-diagnose project changes.

Missing User Warnings

High
Confidence: 98%
Finding
script.execute is documented as a convenience feature but includes arbitrary side-effecting actions and reflection-based calls with no safety warning. This is particularly dangerous because it can execute privileged editor/runtime logic, change persistent state, and serve as a generic escape hatch around narrower tool boundaries.

Missing User Warnings

Medium
Confidence: 86%
Finding
Input automation can click UI, type text, and issue mouse/keyboard events without warnings about unintended actions. In the Unity Editor, that can trigger destructive menu items, alter settings, or interact with other focused windows if context shifts unexpectedly.

Missing User Warnings

Medium
Confidence: 88%
Finding
Package installation and removal change project dependencies and can introduce incompatible, malicious, or unstable code, yet the documentation omits warnings about these effects. Git-based installation is especially risky because it can import unreviewed external content directly into the development environment.

VirusTotal

66/66 vendors flagged this skill as clean.
