Security audit

Qiniu Upload

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it uploads a selected local file to Qiniu Cloud and returns a URL, which users should treat as intentional external sharing.

Install only if you intend to let the agent upload selected local files to Qiniu. Use dedicated least-privilege Qiniu credentials, confirm whether your bucket/domain produces public URLs or signed private URLs, and avoid uploading sensitive files unless that external storage and sharing behavior is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 93%
Finding: The skill requires environment secrets and performs networked uploads, but those capabilities are not explicitly declared as permissions. This weakens reviewability and informed consent because operators may not realize the skill can access cloud credentials and transmit local file contents to an external service.

Vague Triggers

Severity: Medium
Confidence: 86%
Finding: The invocation description is broad enough to match generic requests about preparing files, obtaining URLs, or downstream processing, which can cause the skill to trigger in situations where the user did not clearly intend external upload. In this context, overbroad matching is risky because activation can lead to exfiltration of local files to a third-party cloud and generation of publicly accessible links.

Missing User Warnings

Severity: High
Confidence: 97%
Finding: The documentation does not prominently warn that the skill uploads local files to an external cloud provider and may return public URLs, creating a clear risk of unintended data disclosure. This is especially dangerous because the skill is designed to bridge local files into downstream services, increasing the chance users pass sensitive audio, documents, or media without appreciating the exposure.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding: This skill uploads an arbitrary local file to an external cloud service and returns a public or signed URL, but the code contains no user-facing confirmation, warning, or policy checks before exfiltrating local data. In an agent setting, that is dangerous because a prompt or downstream toolchain could cause sensitive local files to be transferred off-host without the user clearly understanding that external network transmission will occur.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

Detected: suspicious.env_credential_access

Environment variable access combined with network send.

Severity: Critical
Code: suspicious.env_credential_access
Location: scripts/upload.js:24