Security audit

bilibili B站评论分析 (Bilibili comment analysis)

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Bilibili comment-analysis wrapper that sends a user-provided video link to the AI Skills API, with no evidence of hidden persistence, local data harvesting, destructive behavior, or deception.

Install only if you are comfortable giving this skill an AI Skills API key and sending the Bilibili link, parsed video metadata, and analysis task data to the configured AI Skills service. Use a service-specific API key and avoid submitting private or internal links.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 91%
Finding:
The skill declares required environment variables and describes making authenticated remote API calls, but does not declare permissions even though it uses environment access and network capabilities. This creates a transparency and policy-enforcement gap: a user or host may approve the skill without understanding it can read secrets and send data off-platform, increasing the risk of unintended secret exposure or external data exfiltration.

Vague Triggers

Medium
Confidence: 92%
Finding:
The manifest sets allow_implicit_invocation: true without any visible trigger constraints, which can cause the skill to be invoked automatically in broader contexts than intended. For a skill that analyzes user-provided Bilibili links and generates audience and sentiment insights, this increases the chance of unintended activation on unrelated user inputs, potentially exposing user data to the skill or causing actions the user did not explicitly request.

Missing User Warnings

Medium
Confidence: 88%
Finding:
The script takes a user-supplied Bilibili link, sends it to a remote service for parsing, then submits derived metadata such as contentId, contentTitle, and sourceUrl to additional remote APIs. In a skill that may be invoked by end users, this is a real data-sharing/privacy issue because the file contains no user-facing notice, consent check, or minimization of transmitted fields, so users may unknowingly disclose viewing targets or sensitive/internal links if misuse occurs.

VirusTotal

62/62 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.