
Security audit

SkillHub.cn Skill Upload Operation Guide

Security checks across malware telemetry and agentic risk

Overview

The skill is a publishing guide, but it includes a real-looking IMA ClientID and API key in the published instructions, creating a credential exposure risk.

Review this carefully before installing or sharing. The publishing guidance is mostly coherent, but the embedded IMA credential (flagged by static analysis at SKILL.md:239) should be treated as exposed: rotate or revoke it, replace it with placeholders or environment-variable examples, and do not run the IMA snippets unless you own that account and intend to create or modify those notes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Severity: High
Confidence: 99%
Finding
The document embeds real-looking IMA ClientID and API key values directly in a distributable SKILL.md, contradicting its own guidance not to include secrets. Anyone with access to the file can reuse these credentials to interact with the IMA API, enabling unauthorized note creation, modification, or broader account abuse depending on the token's scope.

Missing User Warnings

Severity: High
Confidence: 98%
Finding
This guide includes a live-looking API credential in plaintext and presents it as ready-to-use sample code, which materially increases the chance of accidental reuse and exposure. Because the file is an upload guide intended for sharing, the surrounding context makes the secret more likely to propagate into repositories, archives, and public skill packages.

VirusTotal

VirusTotal findings are pending for this skill version.


Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Severity: Critical
Code: suspicious.exposed_secret_literal
Location: SKILL.md:239
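The two things a reviewer wants at this point are a way to reproduce the exposed-secret detection on the skill file and a way to apply the remediation the overview recommends (literal credentials replaced by environment-variable references). The following is an added example written for this audit page; it is not SkillHub's, SkillSpector's or the static analyzer's own code, and only the rule name suspicious.exposed_secret_literal comes from the page. The field-name list, the entropy threshold, the placeholder patterns and the sample SKILL.md fragment (with made-up credential values that belong to no account) are this example's own assumptions.

```python
"""Hardcoded-secret scan for a SKILL.md-style document, plus placeholder rewriting.

Added example for this audit page, not the analyzer's own implementation.
Only the rule name below is taken from the audit; everything else is assumed.
"""
import math
import re
from dataclasses import dataclass

RULE = "suspicious.exposed_secret_literal"

# Field names that usually carry a credential (assumption: a common-sense list).
SECRET_NAME = re.compile(r"(client[\s_-]*id|api[\s_-]*key|secret|token|password)", re.I)
# `name = "value"` or `name: value` with a value long enough to be a real credential.
ASSIGNMENT = re.compile(
    r'(?P<name>[A-Za-z][A-Za-z0-9_\s-]{0,30}?)\s*[:=]\s*["\']?(?P<value>[A-Za-z0-9_\-]{16,})["\']?'
)
# Values a publishing guide may legitimately show: placeholders, masked or example values.
PLACEHOLDER = re.compile(r"^(your[_-].*|example.*|x{8,}|\*{4,})$", re.I)
MIN_ENTROPY = 3.0  # bits per character; assumption, tuned to skip low-entropy filler

# Constructed sample: a fragment of a SKILL.md-style guide that hardcodes
# credentials the way the audited document does. Values are invented.
SAMPLE_SKILL_MD = """\
## Step 3: Publish the note with the IMA API

Fill in your credentials before running the snippet:

    IMA_CLIENT_ID = "cid_3f9a7c21b84e4d0a9e2b"
    IMA_API_KEY = "sk_8d41e6c0f2a94b7e9c135a0d7b2e4f61"

Reminder: never include secrets in a skill package.
"""


@dataclass(frozen=True)
class Finding:
    rule: str
    line: int
    field: str
    redacted: str  # first four characters only; the report must not re-leak the secret


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; real tokens score high, filler scores low."""
    probs = [s.count(c) / len(s) for c in set(s)]
    return -sum(p * math.log2(p) for p in probs)


def _secret_match(line: str):
    """Return the assignment match on this line if it looks like a live credential."""
    for m in ASSIGNMENT.finditer(line):
        name, value = m.group("name").strip(), m.group("value")
        if not SECRET_NAME.search(name) or PLACEHOLDER.match(value):
            continue
        if shannon_entropy(value) >= MIN_ENTROPY:
            return m
    return None


def scan(text: str) -> list[Finding]:
    """Flag every line that assigns a high-entropy literal to a credential field."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = _secret_match(line)
        if m:
            value = m.group("value")
            findings.append(Finding(RULE, lineno, m.group("name").strip(),
                                    value[:4] + "*" * (len(value) - 4)))
    return findings


def redact_to_placeholders(text: str) -> str:
    """Rewrite each flagged literal as an environment-variable reference so the
    guide still shows how to configure the client without shipping the secret."""
    out = []
    for line in text.splitlines():
        m = _secret_match(line)
        if m:
            env = re.sub(r"[^A-Z0-9]+", "_", m.group("name").strip().upper()).strip("_")
            line = line[:m.start("value")] + "${" + env + "}" + line[m.end("value"):]
        out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for f in scan(SAMPLE_SKILL_MD):
        print(f"{f.rule} SKILL.md:{f.line} field={f.field} value={f.redacted}")
    print(redact_to_placeholders(SAMPLE_SKILL_MD))
```

Run it against the real SKILL.md to confirm the hit at line 239, then commit the rewritten file only after the live credential has been rotated: removing the literal from the package does nothing for copies already downloaded. The redaction keeps the first four characters so a reviewer can correlate the finding with the rotated key without the report itself becoming a second leak.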