Back to skill

Security audit

PanSou 网盘搜索

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed PanSou search client that contacts a user-configured server and stores a local auth token, with no evidence of hidden or unrelated behavior.

Install only if you trust the PANSOU_URL server you configure. Search terms and, if authentication is enabled, PANSOU_USER/PANSOU_PWD will be sent to that server; prefer HTTPS and the default POST search mode, and remember that the local token is stored at ~/.config/pansou/token.json.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill uses sensitive capabilities including environment variables, local file read/write, and network access, but does not declare permissions for them. This reduces transparency and reviewability, making it easier for a skill to access credentials, persist tokens under the user home directory, and send data to a user-supplied remote endpoint without explicit permission gating. The context increases risk because the skill stores auth tokens locally and performs HTTP authentication/search requests to a configurable URL.

Vague Triggers

Medium
Confidence
79% confidence
Finding
The trigger list includes broad, everyday phrases such as '找资源' and '搜索网盘', which can cause accidental invocation outside a clearly intended security boundary. Unintended activation could lead to network requests, token verification/login attempts, and resource searches against a configured external service when the user did not mean to invoke this specific skill.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
When --get is used, the user's search keywords and filters are embedded in the URL query string. URLs are commonly logged by shells, proxies, reverse proxies, browser/history-like tooling, and server access logs, so potentially sensitive searches for movies, software, or study materials may be exposed more broadly than intended.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.