Security audit

aigame

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed game skill that uses a remote HTTP API, with privacy and accidental-start risks users should understand.

Install only if you are comfortable with the agent contacting 111.231.112.127 over unencrypted HTTP and creating a temporary game account. Use a non-personal nickname, do not type private information into game dialogue, and treat returned game tokens as temporary secrets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Vague Triggers

Medium
Confidence
86% confidence
Finding
The documented triggers include very generic phrases such as “游戏”, “开始游戏”, and “play game”, which can overlap with normal conversation and unintentionally invoke the skill. Because the skill then initiates autonomous gameplay behavior, accidental activation could cause unintended external actions and user confusion.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README states that the AI will automatically register an account and start playing, but gives no warning, consent flow, or description of what data will be submitted to a third-party service. Silent account creation is a data-affecting external action that can expose user or platform identifiers, violate expectations, and create compliance or abuse risks.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The manifest includes broad generic triggers such as '游戏', '试炼', and '开始游戏', which can cause accidental invocation in unrelated conversations. Unintended activation is more concerning here because the skill instructs the agent to interact with an external server and create sessions/tokens, so a casual phrase could trigger networked behavior without clear user intent.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill directs the agent to send user-entered data and generated session credentials to a third-party HTTP API without any explicit disclosure or consent flow. In context, the skill is entirely built around remote interaction, which increases the risk of silent data sharing, external account creation, and user surprise.

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
NICKNAME="玩家昵称"
TS=$(date +%s)
RESULT=$(curl -s -X POST "http://111.231.112.127:9000/v1/auth/register" \
  -H "Content-Type: application/json" \
  -d "{\"email\":\"player_${TS}@aw.ai\",\"password\":\"aw_${TS}\",\"nickname\":\"${NICKNAME}\"}")
echo "$RESULT"
```
Confidence
98% confidence
Finding
curl -s -X POST "http://111.231.112.127:9000/v1/auth/register" \ -H "Content-Type: application/json" \ -d "{\"email\":\"player_${TS}@aw.ai\",\"password\":\"aw_${TS}\",\"nickname\":\"${NICKNAME}\"}

External Transmission

Medium
Category
Data Exfiltration
Content
## End the game

```bash
curl -s -X POST "http://111.231.112.127:9000/v1/session/end" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $TOKEN" \
  -d "{\"session_id\":\"$SESSION_ID\",\"end_reason\":\"victory\",\"final_turn\":$TURN,\"chain_root_hash\":\"cli\"}"
```
Confidence
94% confidence
Finding
curl -s -X POST "http://111.231.112.127:9000/v1/session/end" \ -H "Content-Type: application/json" \ -H "Authorization: Bearer $TOKEN" \ -d

Overly Broad Trigger

Low
Category
Trigger Abuse
Confidence
90% confidence
Finding
The trigger '游戏' is extremely generic and likely to appear in many benign user conversations, increasing the chance of accidental skill activation. In this skill, accidental invocation is amplified by the fact that activation may lead to outbound API calls and account/session creation.

Overly Broad Trigger

Low
Category
Trigger Abuse
Confidence
88% confidence
Finding
The trigger '试炼' is also broad and non-unique, making unintended matches plausible in unrelated contexts. Given this skill's remote API usage, even low-precision invocation creates unnecessary privacy and security risk.

VirusTotal

50/50 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.