Domain Lookup

Security checks across malware telemetry and agentic risk

Overview

This skill is a domain lookup helper built on a disclosed third-party API, but users should be aware that it sends lookups to that external service and saves the provided API key in a local .env file.

Install only if you are comfortable giving this publisher an API key and sending domain lookup queries to xiaobenyang.com. Treat the saved .env file as sensitive, avoid committing or sharing it, and review the copied school-search references as a quality issue rather than evidence of malicious behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 85%
Finding: The skill appears to require environment access, local file read/write, and network access to function, yet it declares no permissions. This creates a transparency and consent problem: a user or host may not realize the skill can persist secrets locally and contact remote services, increasing the risk of unauthorized data handling or unexpected side effects.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 94%
Finding: The skill claims to be a comprehensive local domain-research MCP server, but the documentation shows it is actually a thin client/proxy to an upstream third-party API and stores an API key in a local .env file. This mismatch can mislead users about where their queries and secrets are going, which is dangerous because domain lookup data, user inputs, and credentials may be transmitted to or retained by an external service unexpectedly.

Description-Behavior Mismatch

Severity: High
Confidence: 92%
Finding: The workflow documentation references unrelated gaokao/school-search behavior inside a domain lookup skill, indicating copy-paste contamination or poor maintenance. In security-sensitive tooling, such inconsistencies are dangerous because they can cause the model or operator to invoke the wrong functions, mishandle user input, or trust incorrect assumptions about what code paths are actually exercised.

Intent-Code Divergence

Severity: High
Confidence: 90%
Finding: The inline routing example explicitly shows invocation of a school-search function in a skill purportedly dedicated to domain research. This contradiction increases the chance of incorrect tool routing, unintended data disclosure to unrelated backends, or operational confusion during agent execution.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding: The code persists an API key into a local .env file automatically, without any confirmation, warning, or file-permission handling. This increases the risk of credential exposure through source control commits, local filesystem access, backups, or accidental sharing of the project directory.

VirusTotal

64/64 vendors flagged this skill as clean.
