Security audit

qwencloud-model-selector

Security checks across malware telemetry and agentic risk

Overview

This is a coherent QwenCloud model-selection skill with disclosed CLI login and browser-opening behavior, but users should review those side effects before using it.

Install only if you are comfortable with an agent using the QwenCloud CLI and local CLI session for live model, pricing, and usage data. Prefer asking the agent to show the login URL instead of opening it automatically, review any global npm install, and approve any CLAUDE.md or AGENTS.md registration edits only if you want persistent skill discovery.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

Severity: Medium
Confidence: 91%
Finding
The skill instructs the agent to execute OS-specific commands like `open`, `xdg-open`, or `start` to launch a browser locally. That exceeds a model-selection skill’s scope and causes side effects on the host environment, which is risky because the URL originates from CLI output and the agent is told to run the command automatically rather than obtain explicit consent first.

Missing User Warnings

Severity: Low
Confidence: 87%
Finding
The workflow says to proactively open the authorization URL without an explicit warning that a local browser-launch command will be executed. Even if the URL is legitimate, silently triggering local UI actions can surprise users, violate least astonishment, and create opportunities for abuse if upstream output is ever manipulated.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.