
Security audit

高可靠性文本审核器 (High-Reliability Text Reviewer)

Security checks across malware telemetry and agentic risk

Overview

This appears to be a coherent Baidu content-review skill, but users should treat its cloud upload, credential handling, and safety claims cautiously.

Install only if you are comfortable sending reviewed text or images to Baidu cloud services and storing Baidu API credentials locally. Avoid using it on confidential, regulated, or personal content unless you have permission and understand Baidu’s data handling. Treat any “safe” rewrite as a lower-risk draft that still needs human review before publishing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill documentation describes capabilities that read user-supplied files, write a generated output file, and call an external Baidu API, but it does not declare any permissions. That mismatch hides the real security boundary from users and reviewers, increasing the chance that sensitive files are processed or transmitted without informed consent.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The prompt makes absolute assurances such as '零风险' ("zero risk") and '绝对不会' ("will absolutely never") about platform moderation outcomes, which a text-audit workflow cannot actually guarantee. This can mislead downstream users or agents into overtrusting the output, reducing human review and increasing the chance of policy, legal, or business harm when content is later flagged anyway.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
Labeling the result as an '绝对安全' ("absolutely safe") final version overstates the system's capability and creates a false sense of certainty. In a compliance-review skill, this is especially risky because users may publish sensitive or borderline content based on that assurance and skip additional checks.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill instructs users to store Baidu API credentials in a general config file without any guidance on secret handling, scope limitation, or storage protections. This can lead to credential leakage through local compromise, accidental sharing, backups, logs, or reuse by unrelated skills.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill states that it performs Baidu API review and AI deep analysis, which implies user text will be sent to external services, but it does not warn about that data disclosure. Users may submit confidential, regulated, or personal content under the false assumption that analysis is purely local.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script sends user-provided text and local image contents to Baidu cloud moderation endpoints, but the CLI does not provide a clear user-facing notice or consent step before transmitting potentially sensitive data off-device. In a text-auditing skill, users may reasonably expect local analysis or may not realize that file contents and images are being uploaded to a third party, creating privacy, compliance, and data-handling risks.
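The two "Missing User Warnings" findings above (unprotected credential storage, and upload without a consent step) describe mitigations a hardened CLI would add. The following is an added example, not the skill's own code or anything from Baidu: it refuses to read API keys from a config file that other local users can read, and it gates the off-device call behind an explicit opt-in, showing the caller a summary of what would leave the machine first. The config layout (JSON with "api_key"/"secret_key"), the function names, and the injected `transport` callable are assumptions for illustration; the real Baidu token exchange and moderation endpoints are deliberately not called, so the block runs offline.

```python
import json
import os
import stat
import tempfile
from pathlib import Path
from typing import Callable

# Added example, not the skill's own code. The config layout, the function
# names and the injected transport are assumptions; no Baidu endpoint is called.


class SecretPermissionError(Exception):
    """Raised when a credential file is readable by other local users."""


def load_credentials(config_path: Path) -> dict:
    """Load api_key/secret_key only from an owner-only (0600) file.

    Assumed layout: JSON with "api_key" and "secret_key". Group/other bits are
    refused because backups, shared checkouts and any local compromise would
    expose the keys. POSIX mode semantics; on Windows check ACLs instead.
    """
    mode = stat.S_IMODE(config_path.stat().st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise SecretPermissionError(
            f"{config_path} has mode {mode:04o}; chmod 600 it before use")
    data = json.loads(config_path.read_text(encoding="utf-8"))
    missing = [k for k in ("api_key", "secret_key") if not data.get(k)]
    if missing:
        raise KeyError(f"credential file lacks {missing}")
    return {k: data[k] for k in ("api_key", "secret_key")}


def describe_payload(text: str, image_paths: list) -> str:
    """Summarise what would leave the device without dumping the content itself."""
    lines = [f"text: {len(text)} chars, begins {text[:16]!r}"]
    lines += [f"image: {p.name} ({p.stat().st_size} bytes)" for p in image_paths]
    return "\n".join(lines)


def review_with_consent(text: str, image_paths: list, allow_upload: bool,
                        transport: Callable[[dict], dict]) -> dict:
    """Off-device review gated on an explicit opt-in.

    Without allow_upload the function returns only the summary and never calls
    the transport, so a caller that forgot the flag cannot leak data by accident.
    `transport` stands in for the real API call (hypothetical, injected for testing).
    """
    summary = describe_payload(text, image_paths)
    if not allow_upload:
        return {"sent": False, "summary": summary, "result": None}
    payload = {"text": text, "images": [p.read_bytes() for p in image_paths]}
    return {"sent": True, "summary": summary, "result": transport(payload)}


def demo() -> dict:
    """Constructed scenario: a world-readable config, then a fixed one, then the gate."""
    work = Path(tempfile.mkdtemp())
    cfg = work / "config.json"
    cfg.write_text(json.dumps({"api_key": "demo-key", "secret_key": "demo-secret"}))
    os.chmod(cfg, 0o644)  # the weak setting: readable by every local user
    out = {}
    try:
        load_credentials(cfg)
        out["world_readable_refused"] = False
    except SecretPermissionError:
        out["world_readable_refused"] = True
    os.chmod(cfg, 0o600)  # the corrected setting
    out["loaded_key"] = load_credentials(cfg)["api_key"]

    image = work / "sample.png"
    image.write_bytes(b"\x89PNG\r\n\x1a\n" + b"\x00" * 8)  # constructed bytes, not a real image
    calls = []

    def fake_transport(payload):  # records what would have been uploaded
        calls.append(payload)
        return {"conclusion": "ok"}

    blocked = review_with_consent("待审核文本", [image], False, fake_transport)
    allowed = review_with_consent("待审核文本", [image], True, fake_transport)
    out["blocked_sent"] = blocked["sent"]
    out["transport_calls"] = len(calls)
    out["allowed_result"] = allowed["result"]
    out["image_bytes_uploaded"] = len(calls[0]["images"][0]) if calls else 0
    return out


if __name__ == "__main__":
    print(json.dumps(demo(), ensure_ascii=False, indent=2))
```

The gate is deliberately fail-closed: the default path returns the summary and sends nothing, and only a caller that passes `allow_upload=True` (for instance from an explicit CLI flag) reaches the transport. The permission check complements, rather than replaces, storing keys outside a general-purpose config that other skills or backups might pick up.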

VirusTotal

55/55 vendors flagged this skill as clean.
