Agent Rpg

Security checks across malware telemetry and agentic risk

Overview

This RPG skill is mostly as advertised, but its save-file script can be made to write outside its intended RPG memory folder.

Use only simple campaign names made up of letters, numbers, underscores, or hyphens. Avoid campaign names containing slashes, backslashes, dots, or absolute paths, and do not store private real-world details in campaign journals until the path handling is fixed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

High
Confidence: 99%
Finding:
`get_campaign_path(campaign)` directly appends untrusted user input to `MEMORY_ROOT` without validation or normalization. An attacker can supply values such as `../...` or absolute-like paths to escape `memory/rpg` and cause subsequent reads and writes to target arbitrary filesystem locations.

Context-Inappropriate Capability

High
Confidence: 99%
Finding:
`init_campaign` uses the attacker-controlled campaign path to create directories and write multiple files (`world.json`, `character.json`, `npcs.json`, `journal.md`). Because the campaign value is not constrained, path traversal can turn this RPG state manager into an arbitrary local file write primitive, which is especially dangerous in an agent skill that may run with access to host files.

Missing User Warnings

Low
Confidence: 94%
Finding:
The markdown explicitly describes persistent state files and provides commands that modify character data, inventory, flags, and journals, but it does not clearly notify users that invoking the skill will create and update files on disk. This is primarily a transparency and consent issue that can lead to unexpected data retention, accidental overwrites, or privacy concerns in environments where persistent memory is sensitive.

VirusTotal

65/65 vendors flagged this skill as clean.