Weibo Login

Security checks across malware telemetry and agentic risk

Overview

This is a small instruction-only skill for logging into Weibo by QR code; its main risk is that the browser may keep a reusable logged-in session.

Install only if you want the agent to help create a Weibo browser login session. Use a dedicated browser profile if possible, approve any later scraping or posting separately, and log out or clear cookies when you no longer want the session available.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The activation description is broad enough that the skill could be invoked whenever a user mentions Weibo login, without clearly limiting use to explicit user-requested authentication. Because the skill establishes a persistent authenticated browser session that can later enable scraping or posting, ambiguous triggering increases the chance of unintended account-affecting actions.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly states that login is used to maintain session state for later scraping or posting, but it does not warn users that authentication persists and may be reused for future account actions. This creates a meaningful consent and account-safety issue because a user may authorize login for one purpose without understanding that the same session can later be used to access data or perform actions on their behalf.

VirusTotal

55/55 vendors flagged this skill as clean.

View on VirusTotal