Back to skill

Security audit

秒秒AI助理

Security checks across malware telemetry and agentic risk

Overview

This is a real third-party AI assistant wrapper, but its broad auto-activation and thin privacy disclosure create a meaningful risk of sending ordinary chats or sensitive content to Link-AI without clear user intent.

Install only if you intentionally want ordinary assistant requests routed through Link-AI/Miaomiao. Use a dedicated API key, avoid enabling debug mode with sensitive prompts, and do not send private documents, secrets, regulated data, logistics details, or location/travel information unless you trust the provider and understand its data handling.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
When debug mode is enabled, the client prints the full request payload and full response body, which can include user prompts, conversation history, app identifiers, and potentially sensitive model outputs. In this skill context, the tool is a general-purpose assistant handling arbitrary user tasks, so logging raw conversations increases the chance of privacy leakage through console logs, log aggregation systems, or operator access.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger keywords are extremely broad, including terms like '任意问题' and general chat phrases, which can cause the skill to activate for ordinary conversations unrelated to the user explicitly choosing this external assistant. In this skill's context, over-triggering is more dangerous because activation can route user content to a third-party multi-function API, creating unintended data disclosure and loss of user control.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The documentation shows requests being sent to a remote API but does not warn that user prompts, documents, or queries may be transmitted to an external provider. In a multi-capability assistant skill, users may submit sensitive personal, location, logistics, or document content, so the lack of disclosure materially increases privacy and compliance risk.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The description says to invoke the skill whenever the user needs an AI assistant with multiple practical functions or mentions related keywords, which is extremely broad. This can cause the skill to activate for many unrelated requests and unnecessarily route user data to an external service.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The automatic invocation criteria include generic intents like ordinary chat, search, summarization, maps, and weather without any trigger constraints. In context, this makes the skill more dangerous because it is a multi-function external agent that may receive broad categories of user prompts and associated data by default.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The examples send prompt content to an external AI/chat service via `chat(...)` and `MiaoMiaoClient()` but do not clearly warn users that their input may leave the local environment and be processed by a third party. In a skill/example context, developers often copy sample code directly into production or testing workflows, so the lack of disclosure increases the risk of unintentionally transmitting sensitive data.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The client sends user content and message history to a third-party remote API, which is expected for an assistant backend but still constitutes data sharing that users may not realize. Because this skill is broad and may receive sensitive prompts across many domains, undisclosed transmission of full conversation history meaningfully raises privacy and compliance risk.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.