BizyAir 文件上传 (BizyAir File Upload)

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: uploads user-selected files to BizyAir/Alibaba OSS and can list BizyAir input resources when asked.

Install only if you intend to send selected local files to BizyAir/Alibaba OSS. Keep the API key in BIZYAIR_API_KEY or another trusted secret store, avoid pasting it into conversation, and use the list feature only when you are comfortable exposing names and URLs of prior BizyAir input resources.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill requires access to environment variables and external network services, but it does not declare those capabilities explicitly. This weakens user and platform transparency, making it easier for sensitive data such as API keys or local file contents to be accessed or transmitted without clear permission signaling.

Tp4

High
Category
MCP Tool Poisoning
Confidence
84% confidence
Finding
The documented purpose emphasizes file upload and URL retrieval, but the skill also describes listing previously uploaded resources and using Alibaba Cloud OSS as an additional backend service. That broader behavior matters for privacy and trust because users may not expect enumeration of stored resources or transmission to a third-party storage provider beyond BizyAir itself.

Description-Behavior Mismatch

Medium
Confidence
86% confidence
Finding
The README documents a `--list` capability that enumerates previously uploaded resources, which goes beyond the stated upload-only purpose of the skill. This scope expansion can expose metadata or URLs for stored assets and increases the chance of unintended data access if users or downstream agents invoke functionality not clearly disclosed in the manifest.

Description-Behavior Mismatch

Low
Confidence
75% confidence
Finding
The version history explicitly states support for querying lists, reinforcing that the skill includes functionality beyond the described upload-focused intent. While this is primarily a documentation/scope mismatch, such hidden or under-declared capabilities reduce transparency and can enable broader data exposure than users expect.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The evals test a capability to list a user's BizyAir resources, while the skill description frames the skill as an upload helper for local files. That scope expansion matters because listing existing resources exposes account metadata and URLs, creating an access/privacy surface beyond the declared purpose and potentially enabling unauthorized enumeration if the skill is granted broader API access than users expect.

Description-Behavior Mismatch

Medium
Confidence
77% confidence
Finding
The skill description emphasizes file upload and URL retrieval, but the implementation also supports enumerating previously uploaded resources. This expands the data-access scope beyond the stated purpose and can expose metadata and URLs for other stored assets when users or operators expect a narrower capability.

Context-Inappropriate Capability

Medium
Confidence
82% confidence
Finding
The resource-listing capability is not necessary to perform a local file upload and therefore increases the skill's privilege and data exposure surface. In an agent setting, this can enable unintended inventorying of prior resources, including names and accessible URLs, which may reveal sensitive content or internal workflow artifacts.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README instructs users to upload local files to external BizyAir and Alibaba OSS services but does not clearly warn that local data will be transmitted to third-party infrastructure. In a file-upload skill, this omission is important because users may upload sensitive images, audio, or video without understanding the privacy, retention, or jurisdictional implications.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill tells users they may provide an API key in conversation, but it does not clearly warn that credentials should not be pasted into chat unless absolutely necessary and securely handled. This creates a direct risk of credential exposure through logs, transcripts, model context, or unintended retention in the conversation system.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill omits a clear user-facing warning that selected local files will be transmitted to external services during the upload workflow. In this context, that matters because the skill handles local images, audio, and video, which may contain personal, confidential, or regulated data that users might not realize is leaving their device.

VirusTotal

64/64 vendors flagged this skill as clean.