Security audit

siyuan-export

Security checks across malware telemetry and agentic risk

Overview

This skill is a local SiYuan note export helper whose token use, localhost API calls, and DOCX file output match its stated purpose.

Install only if you intend to let the skill access your local SiYuan instance. Keep the SiYuan token private, prefer environment variables or a protected config.json, verify the baseURL points to the SiYuan server you trust, and choose output folders carefully when exporting sensitive notes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

Detected: suspicious.install_untrusted_source

Install source points to URL shortener or raw IP.

Warn
Code: suspicious.install_untrusted_source
Location: config.example.json:2