Who Is

Security checks across malware telemetry and agentic risk

Overview

This WHOIS skill appears to use a third-party XiaoBenYang API and stores an API key locally, but its files contain unrelated Gaokao/school-search leftovers that make the scope unclear.

Install only if you are comfortable sharing WHOIS lookup domains and an XBY API key with XiaoBenYang and having that key stored in a project-local .env file. Ask the publisher to remove the Gaokao leftovers, clearly document the third-party API data flow, and provide a non-persistent credential option before treating it as routine.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Intent-Code Divergence

Medium
Confidence: 78%
Finding
The workflow example references unrelated gaokao/school-search tooling inside a WHOIS skill, indicating copy-paste contamination or poor maintenance. Such inconsistencies increase the chance of invoking the wrong backend functions, mishandling user input, or exposing data to unintended services, especially in agentic systems that rely on textual routing instructions.

Intent-Code Divergence

High
Confidence: 90%
Finding
The file says the tool performs WHOIS protocol lookups, yet it also requires an API key and mandates API-based execution. That contradiction is dangerous because users may believe queries occur directly against authoritative WHOIS servers when in fact data and potentially sensitive lookups may be relayed through a third-party service, changing the trust boundary and privacy exposure.

Description-Behavior Mismatch

High
Confidence: 99%
Finding
This configuration file is inconsistent with the declared WHOIS skill and instead manages credentials and defaults for an unrelated 'XBY_GAOKAO' service. In a skill ecosystem, that mismatch is a strong supply-chain red flag because it can cause the skill to collect, store, or use secrets for a different backend than users expect.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The code persists an external API key into a local .env file even though a WHOIS lookup service should not normally require storing unrelated credentials. Unjustified secret persistence increases the chance of credential leakage through source control, backups, local file disclosure, or later reuse by other components.

Intent-Code Divergence

High
Confidence: 98%
Finding
The docstring identifies the code as a Gaokao skill configuration while the manifest says the skill is a WHOIS service. That identity mismatch is dangerous because it suggests code reuse from another project or intentional repurposing, reducing trust in the declared behavior and increasing the risk of hidden data flows to unrelated services.

Missing User Warnings

Medium
Confidence: 93%
Finding
The function writes the provided API key directly to .env without any user-facing warning, confirmation, or disclosure that the secret will be persisted on disk. Silent credential storage creates an avoidable risk of user surprise and secret exposure, especially in shared development environments or repositories.

VirusTotal

64/64 vendors flagged this skill as clean.