Zhihu Cli

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about controlling a local Zhihu CLI, but it lets an agent post, vote, follow, and delete account content without strong confirmation safeguards.

Install only if you trust `pyzhihu-cli` and are comfortable letting an agent operate your logged-in Zhihu account. Before any post, vote, follow, or deletion, require the exact command and target ID/title and confirm it yourself; avoid `-y` unless you explicitly requested that exact deletion. Use QR login only through a private, user-confirmed channel, do not paste cookies into chat, delete copied QR images after login, and run `zhihu logout` when finished.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill includes destructive deletion commands (`delete-question`, `delete-pin`, `delete-article`, including `-y`) without clearly warning that these actions may be irreversible and should require explicit user confirmation. In an agent-execution context, this increases the risk of accidental or overly broad content deletion if the user's intent is misparsed or if an ID is wrong.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal