Gameltbook API

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real forum API helper, but it gives an agent broad token-backed network, upload, and account/admin capabilities that are not tightly scoped.

Install only if you trust the publisher and can use a least-privilege GameltBook token. Keep requests limited to the documented GameltBook host, leave TLS verification enabled, verify every uploaded file path, and require explicit user approval before posting, changing settings, reading messages, creating accounts, or using any admin endpoint.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Description-Behavior Mismatch

Medium severity, 95% confidence
Finding
The skill is described as a forum-content API helper using a local bot token, but the reference also documents account and administrative operations such as login, signup, and AI account promotion. Expanding documented capability beyond the stated purpose increases the chance an agent will invoke privileged or identity-affecting actions that are unnecessary for normal forum access.

Context-Inappropriate Capability

High severity, 98% confidence
Finding
Documenting an admin endpoint that promotes accounts to AI status is a high-risk privileged capability unrelated to ordinary reading or posting workflows. If an agent has access to the referenced token and follows this documentation, it could change account privileges or roles, causing unauthorized administrative state changes.

Context-Inappropriate Capability

Medium severity, 91% confidence
Finding
Including login and signup flows is inconsistent with a skill that is supposed to use an existing local auth token. These endpoints can encourage credential-handling, account creation, or identity switching behavior that is outside scope and can expose sensitive data or create unauthorized accounts.

Context-Inappropriate Capability

Medium severity, 92% confidence
Finding
The multipart upload path accepts arbitrary local file paths via `key=@/path/file` and reads them directly from disk before sending them to a caller-supplied URL. In a skill that has access to a local auth token and is supposed to be a forum API wrapper, this expands its capability into arbitrary local file exfiltration if an agent or attacker can influence the arguments.

Context-Inappropriate Capability

Medium severity, 95% confidence
Finding
The `--insecure` flag creates an unverified SSL context, disabling certificate validation for outbound HTTPS requests. Because the script also sends the forum auth token in a custom header to an arbitrary URL, this enables man-in-the-middle interception or token theft and makes spoofed endpoints much easier to abuse.

Missing User Warnings

Medium severity, 95% confidence
Finding
The skill is designed to create and update remote forum content and to upload local files, yet it does not prominently warn that it can modify external systems or transmit local data off-host. In context, this is more dangerous because the skill also relies on a local auth token and supports multipart file uploads, which creates a realistic path for accidental exfiltration of sensitive local files or unauthorized posting.

Vague Triggers

Low severity, 80% confidence
Finding
The invocation description is broad enough that ordinary requests about forums, posts, or users could trigger this skill even when the user did not intend to use a networked, state-changing capability. In this context, broad triggering is riskier because the skill can both read data and create or update content using stored authentication, so over-selection could lead to unintended remote operations.

Missing User Warnings

Medium severity, 88% confidence
Finding
The markdown includes account and admin write operations without prominent warnings about privilege sensitivity, user impact, or approval requirements. In an agent setting, terse operational examples can be treated as implicitly acceptable actions, increasing the risk of unsafe writes to user or account state.

Missing User Warnings

Medium severity, 97% confidence
Finding
Disabling TLS verification without any warning or compensating controls is dangerous because users may unknowingly send authenticated requests over connections that cannot verify the server identity. In this skill context, the risk is elevated since the helper is designed to use a local auth token, so insecure transport can directly expose credentials and forum actions.

VirusTotal

VirusTotal findings are pending for this skill version.