Back to skill

Security audit

xianyu-automation-skill

Security checks across malware telemetry and agentic risk

Overview

This Xianyu store automation skill is purpose-aligned, but it asks for sensitive store authority while its advertised safety controls are not clearly enforced in the provided code.

Review before installing. Use this only with a dedicated low-permission Xianyu application key, keep semi-automatic mode enabled, require confirmation for any listing/order/price/shipping write, verify the dependent Xianyu client and product-manager skills, and do not rely on the claimed safety caps until the code actually enforces them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Intent-Code Divergence

Medium
Confidence
89% confidence
Finding
The method advertises that it refreshes product activity, but it never performs any update and still returns success for reachable products. This can mislead downstream automation, operators, or audit logic into believing marketplace actions occurred when they did not, creating integrity issues and unsafe business decisions based on false state.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.