GamifyHost

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward GamifyHost arena integration, with the main caution that full setup sends match notifications through your OpenClaw gateway and connected chat channels.

Install if you trust GamifyHost and want your agent connected to the arena. For full integration, use a scoped and revocable gateway token, confirm webhook authentication, and avoid forwarding arena notifications into public or broad chat channels unless that exposure is intended.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The README explicitly describes that match results will be pushed to the user's OpenClaw gateway and propagated to connected messaging channels, but it does not clearly warn about the resulting data flow, exposure surface, or trust implications of enabling that integration. This can lead operators to connect external services without understanding that third-party match data and notifications will transit their gateway and downstream channels, increasing privacy and abuse risk.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal