rites to localStorage key 'rtsurl'; {utag} programmatically submits keystrokes to the chat input field (Fa.value=..., Fa.dispatchEvent(new KeyboardEvent('keypress',{key:'Enter'}))) to inject chat messages. No event.origin filtering at all. Attack surface is any slither.io frame that can postMessage to the page."},{"icon":"upload","actor":"remote","label":"Exfiltrated","detail":"Sent to a third-party endpoint."}],"blocks":[{"kind":"plain_note","title":"Mechanism","body":"main-mt.js:637 registers window.addEventListener('message', U7) with no origin check. U7 (main-mt.js:924-925) handles three message types: {playsrv} triggers game server switch to attacker-specified IP via m7(); {rsvars} writes to localStorage key 'rtsurl'; {utag} programmatically submits keystrokes to the chat input field (Fa.value=..., Fa.dispatchEvent(new KeyboardEvent('keypress',{key:'Enter'}))) to inject chat messages. No event.origin filtering at all. Attack surface is any slither.io frame that can postMessage to the page."}],"scaleMetrics":[],"trustTier":"ai-found","userActions":[]},"variant":"inline","expectedKind":"unexpected","showVerificationBadge":false}]]}],"$L25"],"$L26"]}]]}] 21:["$","footer",null,{"className":"border-border space-y-6 border-t pt-6","children":["$","div",null,{"className":"text-muted-foreground flex flex-wrap gap-x-5 gap-y-1 text-xs","children":[["$","span",null,{"children":["Updated ","30 May 2026"]}],["$","span",null,{"className":"font-mono","children":"hpgaehmokjbdfkbgkeifbfogjalkpfgb"}]]}]}] 27:I[49250,["1588","static/chunks/9a40b71c-77ab85208a313387.js","2879","static/chunks/2879-07f8eaafbb89229d.js","7461","static/chunks/7461-dd3143d8605142b6.js","4784","static/chunks/4784-2a2a731556915ce1.js","5220","static/chunks/5220-862fadcd4ee89c43.js","5113","static/chunks/5113-859acfa2c0eb8491.js","4511","static/chunks/4511-22e6ba12d39686fe.js","4445","static/chunks/4445-2e3c46a33fbb2d98.js","7285","static/chunks/7285-a6ca321e064444f8.js","9285","static/chunks/9285-67c27bd8d6c98c77.js","1562","static/chunks/1562-4ba746657a72282f.js","9755","static/chunks/app/(pages)/extensions/%5Bslug%5D/page-000b2629d9d58bd3.js"],"GatedFindingsCta"] 25:["$","div","CWE-359-2",{"id":"finding-03","className":"border-border/60 bg-card/40 relative scroll-mt-24 overflow-hidden rounded-lg border px-3 py-4 sm:p-6","children":[["$","div",null,{"className":"absolute inset-y-0 left-0 w-[3px] bg-yellow-500","aria-hidden":true}],["$","$L24",null,{"claim":{"id":"79a79da6-b5e2-4712-a6ca-3399257f6e5f","slug":"case-79a79da6","cwe":"CWE-359","title":"Content script on slither.io transmits player telemetry (nick, score, coordinates, server IP, version) to ntl-slither.com every 4 seconds","headline":"Content script on slither.io transmits player telemetry (nick, score, coordinates, server IP, version) to ntl-slither.com every 4 seconds","userSummary":"NTL MOD for Slither.io has a medium-severity finding: Content script on slither.io transmits player telemetry (nick, score, coordinates, server IP, version) to ntl-slither.com every 4 seconds","severity":"medium","verificationStatus":"pending","timeline":[{"icon":"user","actor":"user","label":"You install","detail":"Extension installed from the Chrome Web Store."},{"icon":"extension","actor":"extension","label":"automatic on navigation","detail":"Trigger condition: automatic on navigation."},{"icon":"request","actor":"extension","label":"Data collected","detail":"main-mt.js:59 calls setInterval(If, 4000). If() calls ff() which calls Vn(bv+...) where bv='https://ntl-slither.com/slither/ntlplay-mt.php?auth='+xa+'&tid='+pa. The full URL includes &nick=&score=&valx=&valy=&bot=&sos=&food=&srv=&sid=&msg=&rank=&ver=&di= (main-mt.js:61). This fires automatically when user is playing, sending position and game state to ntl-slither.com controlled by the mod author."},{"icon":"upload","actor":"remote","label":"Exfiltrated","detail":"Sent to ntl-slither.com/slither/ntlplay-mt.php."}],"blocks":[{"kind":"plain_note","title":"Mechani

Is NTL MOD for Slither.io safe?

Findings