Back to skill

Security audit

微博下载器 / Weibo Downloader

Security checks across malware telemetry and agentic risk

Overview

The skill is a disclosed Weibo media downloader, but it automatically creates and stores long-lived Weibo visitor cookies in a risky way, so users should review it before installing.

Install only if you are comfortable with the skill contacting Weibo/passport.weibo.com, automatically creating visitor cookies, and keeping them locally for up to about a year. Treat storage/weibo_cookies.pkl as sensitive, delete it when no longer needed, and prefer a version that stores cookies in a safer format with clear opt-in and cleanup controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill advertises and documents network access and local file reads/writes but does not declare corresponding permissions. That mismatch is dangerous because users or hosting platforms cannot accurately assess or constrain what the skill will do, especially since it also persists cookies locally and fetches remote content. In this context, undeclared capabilities reduce transparency and weaken trust boundaries rather than indicating overtly malicious behavior.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The code does more than media downloading: it actively automates acquisition of long-lived Weibo visitor cookies and explicitly attempts to bypass the platform's visitor system, then reuses those credentials. This expands the trust and legal/security boundary of the skill beyond its stated purpose and can enable unauthorized or policy-violating access using persisted session state.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill states that visitor cookies are cached for 365 days, but it does not present this as a clear user warning or privacy/security consideration. Persistent credential-like artifacts on disk can be reused by other local processes or users, and long retention increases exposure if the machine is shared or compromised. The surrounding context makes this more concerning because the feature is framed as a convenience and bypass mechanism rather than as sensitive state that requires informed consent.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill serializes the full requests cookie jar to disk using pickle without an explicit warning, consent flow, or file-permission hardening. Persisted session cookies can be reused by other local processes or users to impersonate the session, and pickle adds additional risk because loading a tampered file can execute arbitrary code.

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.28.0
Confidence
96% confidence
Finding
requests>=2.28.0

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.