Back to skill

Security audit

alist

Security checks across malware telemetry and agentic risk

Overview

This is a coherent alist admin client, but it grants broad destructive administrative control and stores login tokens locally with limited safeguards.

Install only if you intend to give the agent administrative control over your alist instance. Use a least-privileged API key or account where possible, avoid running destructive commands from vague prompts, keep verification enabled, and delete or protect the local token cache after use on shared systems.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill documents broad capabilities including environment-variable credential intake, file operations, and network access, yet declares no permissions or trust boundaries. In an agent setting, this under-specification is dangerous because operators may invoke a highly privileged admin client without realizing it can read secrets from the environment and perform destructive remote actions.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill presents a full administrative client with destructive capabilities such as delete, reset, restore, task clearing, and user/storage management, but lacks prominent safety warnings about irreversibility and system impact. In an agent workflow, this increases the chance of accidental destructive execution through normal-language prompting or misunderstood automation.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The examples normalize destructive actions like file deletion and task clearing without any warning, confirmation advice, or dry-run guidance. Example code is often copied directly, so unsafe examples materially raise the risk of accidental data loss in a privileged storage-management context.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The client caches an authentication token in a predictable local file next to the script without setting restrictive permissions, encryption, or prominently disclosing this persistence behavior. On multi-user systems or shared workspaces, another local user or process could recover the token and gain the same alist access as the authenticated user, including potentially administrative access.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
| `search <keyword>` | `--scope 0/1/2` | 搜索文件 |
| `mkdir <path>` | — | 创建目录 |
| `rename <path> <name>` | — | 重命名(name 不含路径) |
| `move <src> <dst> <names...>` | `--no-verify` | 批量移动,默认查任务列表,status=4 成功则自动清理任务 |
| `recursive-move <src> <dst>` | `--no-verify` | 递归移动,同上:查任务列表 + 自动清理 |
| `copy <src> <dst> <names...>` | `--no-verify` | 批量复制,同上:查任务列表 + 自动清理 |
| `remove <dir> <names...>` / `rm <dir> <names...>` | — | 批量删除文件/目录 |
Confidence
93% confidence
Finding
--no-verify

Tool Parameter Abuse

High
Category
Tool Misuse
Content
| `mkdir <path>` | — | 创建目录 |
| `rename <path> <name>` | — | 重命名(name 不含路径) |
| `move <src> <dst> <names...>` | `--no-verify` | 批量移动,默认查任务列表,status=4 成功则自动清理任务 |
| `recursive-move <src> <dst>` | `--no-verify` | 递归移动,同上:查任务列表 + 自动清理 |
| `copy <src> <dst> <names...>` | `--no-verify` | 批量复制,同上:查任务列表 + 自动清理 |
| `remove <dir> <names...>` / `rm <dir> <names...>` | — | 批量删除文件/目录 |
| `tree [path]` | `--depth` | 树形展示目录结构 |
Confidence
93% confidence
Finding
--no-verify

Tool Parameter Abuse

High
Category
Tool Misuse
Content
| `rename <path> <name>` | — | 重命名(name 不含路径) |
| `move <src> <dst> <names...>` | `--no-verify` | 批量移动,默认查任务列表,status=4 成功则自动清理任务 |
| `recursive-move <src> <dst>` | `--no-verify` | 递归移动,同上:查任务列表 + 自动清理 |
| `copy <src> <dst> <names...>` | `--no-verify` | 批量复制,同上:查任务列表 + 自动清理 |
| `remove <dir> <names...>` / `rm <dir> <names...>` | — | 批量删除文件/目录 |
| `tree [path]` | `--depth` | 树形展示目录结构 |
Confidence
93% confidence
Finding
--no-verify

Tool Parameter Abuse

High
Category
Tool Misuse
Content
| `move <src> <dst> <names...>` | `--no-verify` | 批量移动,默认查任务列表,status=4 成功则自动清理任务 |
| `recursive-move <src> <dst>` | `--no-verify` | 递归移动,同上:查任务列表 + 自动清理 |
| `copy <src> <dst> <names...>` | `--no-verify` | 批量复制,同上:查任务列表 + 自动清理 |
| `remove <dir> <names...>` / `rm <dir> <names...>` | — | 批量删除文件/目录 |
| `tree [path]` | `--depth` | 树形展示目录结构 |

### 存储管理
Confidence
87% confidence
Finding
rm <dir> <names...>` | — | 批量删除文件/

Unsafe Defaults

Medium
Category
Tool Misuse
Content
# 跨存储大文件:增加 timeout(默认查 alist 任务列表验证,避免预占空间误判)
client.move("/mnt/sda2", "/mnt/sdb1/movie", ["movie.mp4"], timeout=3600)
# 跳过验证(不推荐)
client.move("/mnt/sda2", "/mnt/sdb1/", ["x.mp4"], verify=False)
client.remove("/mnt/sda2", ["old_file.mp4"])

# 存储管理
Confidence
90% confidence
Finding
verify=False

VirusTotal

57/57 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.