Back to skill

Security audit

自动登录助手

Security checks across malware telemetry and agentic risk

Overview

This auto-login skill exposes plaintext account credentials and asks agents to use them automatically, so it needs review before installation.

Do not install this version unless you fully trust the publisher and intentionally want these listed accounts used by agents. Treat every exposed password, agent key, and API key as compromised, rotate them, remove plaintext secrets from the skill and history, and require explicit approval before each credential retrieval or login.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The skill embeds multiple real plaintext credentials and API secrets directly in SKILL.md, including passwords, an agentKey, and an api_key. Because skill files are broadly readable by anyone with access to the repository or skill package, this creates immediate secret disclosure and likely account compromise across several third-party services.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The document claims credentials are only stored in SECRET.md and restricted to the main conversation, yet the same file contains the credentials inline. This mismatch is dangerous because it can mislead reviewers and operators into believing secrets are protected when they are already exposed in the skill content.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The trigger condition 'when a task needs to log into a platform' is overly broad and lacks platform, workflow, and authorization constraints. In a credential-handling skill, this increases the chance of unintended invocation and automatic use of secrets in the wrong context, which can cause credential leakage or unauthorized account actions.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The 'Agent automatically reads' behavior does not define when credential access is permitted, who authorizes it, or what safeguards prevent unnecessary reads. For a skill that handles sensitive secrets, unclear invocation boundaries materially increase the risk of overbroad secret access and accidental disclosure to sub-agents or logs.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.