Security audit

SkillHub.cn One-Click Skill Publishing Guide

Security checks across malware telemetry and agentic risk

Overview

This skill is a publishing guide, but it exposes real-looking credentials and tells agents to use them for authenticated publishing and remote note import operations.

Do not install or follow this guide as-is. Treat the exposed SkillHub token and IMA credentials as compromised, rotate them, replace all secrets with placeholders or secure runtime references, and require explicit user confirmation before publishing or uploading any local file content to external services.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence

Severity: High
Confidence: 99%
Finding:
The document directly embeds what appear to be live SkillHub and IMA credentials while simultaneously instructing agents to use them for authenticated operations. This is a severe secret-exposure issue because any reader or downstream agent can reuse the tokens to publish content, access remote services, or impersonate the account owner.

Context-Inappropriate Capability

Severity: Medium
Confidence: 94%
Finding:
The guide's stated purpose is publishing a skill to SkillHub, but it also includes code to import documents into IMA using hardcoded credentials and a local file read. This expands the skill's effective capability beyond its declared scope and creates a pathway for unintended data exfiltration to a remote API.

Missing User Warnings

Severity: High
Confidence: 98%
Finding:
The guide presents a real authentication token as a value to retrieve and use, which normalizes handling secrets in plaintext and encourages copy-paste use by any agent or reader. In the context of an operational publishing guide, this makes credential theft and unauthorized publishing substantially more likely.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The instructions direct authenticated login and publish operations using a plaintext token but do not clearly warn that these commands will transmit credentials to an external registry. While authentication itself is expected for publishing, combining real embedded credentials with outbound commands increases the chance of accidental misuse or unauthorized publication.

Missing User Warnings

Severity: High
Confidence: 99%
Finding:
This example contains hardcoded IMA client credentials and sends SKILL.md-derived content to a remote API, creating both credential exposure and outbound data exfiltration risk. Because the code reads a local file and uploads it, any sensitive content present in that file could be transmitted without adequate review or authorization.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Severity: Critical
Code: suspicious.exposed_secret_literal
Location: SKILL.md:177