Back to skill

Security audit

Zai Usage

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Z.AI quota checker, but it requires handling a sensitive Z.AI browser token carefully.

Install only if you are comfortable giving the skill access to your Z.AI session token for quota checks. Store the token only in a private secrets file, restrict permissions to owner read/write, do not paste it into chats or commit it, and refresh or revoke it if exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The script explicitly instructs users to retrieve a live JWT from browser local storage via DevTools. That encourages manual extraction of sensitive session credentials outside a safer OAuth/API-key flow, increasing the chance of token mishandling, reuse, or leakage through shell history and local files.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README explicitly instructs users to extract a live JWT from browser local storage and reuse it outside the browser session, but it does not clearly warn that this is a sensitive bearer credential that can grant account access until expiry or revocation. Encouraging users to copy session tokens into files or shell environments materially increases the risk of credential theft, accidental disclosure, and account misuse.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The skill instructs users to extract a JWT from browser local storage and save it to a local file without any warning about its sensitivity, lifetime, or protection requirements. This encourages unsafe credential handling and could expose an account bearer token to other local users, logs, backups, shell history, or malicious tools, enabling unauthorized API access and quota abuse.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The script silently reads a local credential file and immediately uses the token in an authenticated request without any disclosure, confirmation, or visible indication beyond a status line. Even though the network destination matches the stated monitoring purpose, undisclosed credential use reduces user awareness and can normalize secret access patterns that are hard to audit.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The script loads a JWT from local files and later sends it as a Bearer token, but provides no runtime notice or consent prompt before using the credential. In a skill context, silent credential use can surprise users and normalize placing high-value tokens in sourceable files that may be read or modified unexpectedly.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal