Gamebox

Security checks across malware telemetry and agentic risk

Overview

Gamebox is a coherent local multiplayer game skill, but its shared-file design has under-scoped controls that can expose, spoof, or delete game data unexpectedly.

Install only if you are comfortable using it in a dedicated, disposable game directory. Do not put secrets or sensitive plans in game messages or state, treat private and role channels as game mechanics rather than privacy controls, and avoid untrusted game_dir, game_id, role, or message-target values until path validation and access checks are tightened.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Severity
Medium
Category
MCP Least Privilege
Confidence
89%
Finding
The skill documentation describes file read/write capabilities through a shared directory-based game engine, but declares no corresponding permissions. This leaves a trust and containment gap: agents or users may invoke the skill assuming it is low-privilege, while it can in fact create, modify, and read files under a configurable `game_dir`. That capability can be abused if `game_dir` is pointed at an unintended location, or in multi-agent environments where several agents read and write the same directory.

Intent-Code Divergence

Severity
Low
Confidence
79%
Finding
`cmd_leave` deletes the entire game directory with `shutil.rmtree(gp, ignore_errors=True)` when the last player leaves. In this shared-directory multi-agent design, if `gp` can be influenced through `game_id` path handling or filesystem manipulation elsewhere, this becomes a destructive filesystem operation that can erase more than intended, and because errors are suppressed, a partial or misdirected delete leaves no trace in the skill's output, making abuse or accidental damage harder to detect.

Context-Inappropriate Capability

Severity
Medium
Confidence
97%
Finding
This code allows any caller of `cmd_send` to choose `msg_type == "system"`, after which the handler forcibly sets `from = "system"` and writes the message into the system channel without any authorization check. In a multi-agent game environment using a shared directory, this enables spoofed authoritative broadcasts that can manipulate player decisions, game flow, or trust in engine-generated events.
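The following is an added example, not Gamebox's own code, showing hardened counterparts to the two handlers flagged in the Intent-Code Divergence and Context-Inappropriate Capability findings above. Only the handler names `cmd_leave` and `cmd_send` and the original `shutil.rmtree(gp, ignore_errors=True)` call are taken from the findings; the on-disk layout (one directory per game holding `state.json` and `messages.jsonl`), the function signatures, the authenticated `caller` argument, the channel names, and the `engine_announce` helper are assumptions made for illustration. The `game_id` is confined to a single directory directly under `game_dir` before any delete, symlinks are refused, errors are no longer swallowed, and the `system` message type is not selectable by callers at all.

```python
"""Hardened counterparts to the Gamebox cmd_leave / cmd_send handlers flagged
above. Added example, not the skill's own code: only the handler names and the
original shutil.rmtree(gp, ignore_errors=True) call come from the findings; the
layout (one directory per game with state.json and messages.jsonl), the
signatures, the authenticated `caller` argument and engine_announce are assumed."""
import json
import shutil
import tempfile
from pathlib import Path

SYSTEM = "system"
CALLER_TYPES = ("public", "private", "role")  # assumed player-selectable channels

class GameboxError(Exception):
    """Rejected input. Never swallowed, so misuse stays visible."""

def resolve_game_path(game_dir: str, game_id: str) -> Path:
    """Confine a caller-supplied game_id to one directory directly under game_dir.
    game_id must be a single path component, the entry must not be a symlink, and
    the resolved path must still have game_dir as its parent. All checks run
    before any filesystem mutation."""
    if not game_id or game_id in (".", "..") or any(c in game_id for c in "/\\\x00"):
        raise GameboxError(f"invalid game_id: {game_id!r}")
    root = Path(game_dir).resolve()
    candidate = root / game_id
    if candidate.is_symlink():  # could point at another game or outside the root
        raise GameboxError(f"game_id is a symlink: {game_id!r}")
    gp = candidate.resolve()
    if gp.parent != root:
        raise GameboxError(f"game_id escapes game_dir: {game_id!r}")
    return gp

def _load_state(gp: Path) -> dict:
    state_file = gp / "state.json"
    if not state_file.is_file():
        raise GameboxError(f"no such game: {gp.name!r}")
    return json.loads(state_file.read_text())

def _append_message(gp: Path, msg: dict) -> None:
    with open(gp / "messages.jsonl", "a", encoding="utf-8") as fh:
        fh.write(json.dumps(msg) + "\n")

def create_game(game_dir: str, game_id: str, players: list) -> Path:
    gp = resolve_game_path(game_dir, game_id)
    gp.mkdir(parents=True, exist_ok=False)
    (gp / "state.json").write_text(json.dumps({"players": players}))
    return gp

def cmd_leave(game_dir: str, game_id: str, caller: str) -> dict:
    """Remove the caller; delete the game directory only when the last player leaves."""
    gp = resolve_game_path(game_dir, game_id)
    state = _load_state(gp)
    if caller not in state.get("players", []):
        raise GameboxError(f"{caller!r} is not in game {game_id!r}")
    remaining = [p for p in state["players"] if p != caller]
    if remaining:
        state["players"] = remaining
        (gp / "state.json").write_text(json.dumps(state))
        return {"deleted": False, "players": remaining}
    # gp is confined to game_dir and errors are not suppressed: a failed
    # delete raises instead of silently leaving half-removed state behind.
    shutil.rmtree(gp)
    return {"deleted": True, "players": []}

def cmd_send(game_dir: str, game_id: str, caller: str, msg_type: str, text: str, to=None) -> dict:
    """Append a player message. 'from' is always the authenticated caller, and
    msg_type 'system' is not selectable by callers at all."""
    if msg_type == SYSTEM:
        raise GameboxError("msg_type 'system' is reserved for the engine")
    if msg_type not in CALLER_TYPES:
        raise GameboxError(f"unknown msg_type: {msg_type!r}")
    gp = resolve_game_path(game_dir, game_id)
    if caller not in _load_state(gp).get("players", []):
        raise GameboxError(f"{caller!r} is not in game {game_id!r}")
    msg = {"from": caller, "type": msg_type, "to": to, "text": text}
    _append_message(gp, msg)
    return msg

def engine_announce(game_dir: str, game_id: str, text: str) -> dict:
    """Sole writer of the system channel: engine-internal, never registered as a command."""
    gp = resolve_game_path(game_dir, game_id)
    msg = {"from": SYSTEM, "type": SYSTEM, "to": None, "text": text}
    _append_message(gp, msg)
    return msg

def demo() -> dict:
    """Replay both flagged scenarios against the hardened handlers in a throwaway directory."""
    results = {}
    with tempfile.TemporaryDirectory() as game_dir:
        create_game(game_dir, "g1", ["alice", "bob"])  # constructed sample game
        try:  # a player trying to broadcast as the engine
            cmd_send(game_dir, "g1", "bob", SYSTEM, "bob has won")
            results["spoof_rejected"] = False
        except GameboxError:
            results["spoof_rejected"] = True
        results["player_msg"] = cmd_send(game_dir, "g1", "bob", "public", "hi")
        results["engine_msg"] = engine_announce(game_dir, "g1", "night falls")
        (Path(game_dir) / "link").symlink_to(Path(game_dir) / "g1")
        results["rejected_ids"] = []
        for bad_id in ("../g1", "g1/../g1", "link"):  # traversal and symlink attempts
            try:
                cmd_leave(game_dir, bad_id, "alice")
            except GameboxError:
                results["rejected_ids"].append(bad_id)
        results["leave_alice"] = cmd_leave(game_dir, "g1", "alice")
        results["leave_bob"] = cmd_leave(game_dir, "g1", "bob")
        results["dir_remains"] = (Path(game_dir) / "g1").exists()
    return results
```

Running `demo()` shows the spoofed `system` message and every traversal or symlink `game_id` rejected before anything touches disk, while a normal leave by the last player still removes exactly the one game directory. The two design choices worth copying are that the sender field is derived from the authenticated caller rather than from the message, and that the system channel has exactly one writer which is not reachable through the command surface; the rejected-before-mutation ordering in `resolve_game_path` is what keeps `rmtree` from ever seeing an unvalidated path.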

VirusTotal

65/65 vendors flagged this skill as clean.
