Back to skill

Security audit

Juejin Publisher

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Juejin publishing helper that uses the user's own Cookie to publish selected Markdown files, with no evidence of hidden or unrelated behavior.

Install only if you are comfortable giving this skill a Juejin browser Cookie and allowing it to post to your Juejin account. Keep juejin.env private, do not commit or share the Cookie, rotate it if exposed, and use --draft-only when you want to review before public publication.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README explicitly instructs users to place an authentication Cookie into a local environment file, but provides no warning that the Cookie is a sensitive bearer credential equivalent to account access. In the context of an auto-publishing skill that authenticates directly to a third-party platform, this increases the risk of accidental credential leakage through commits, logs, screenshots, backups, or insecure file handling.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The instructions tell users to extract a full browser Cookie and store it in a local env file, but they do not clearly emphasize that this Cookie is equivalent to account session credentials and can enable account takeover or unauthorized publishing if exposed. Because the skill uses Cookie-based auth for network requests, accidental disclosure through logs, backups, or broader file access could directly compromise the user's Juejin account.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill is presented as an automated publishing helper, but it does not prominently warn that execution can create drafts or publish content to the user's real Juejin account, causing externally visible and potentially irreversible actions. In this context, hidden side effects are especially risky because the skill is designed to act on behalf of the user against a live third-party platform.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The script explicitly requires a live Juejin authentication cookie and then uses it to perform account-impacting actions (draft creation and publication). Although that is core to the skill’s purpose, there is no strong runtime consent or warning before transmitting the credential and publishing content, which increases the risk of unintended account actions or misuse if the skill is run in an automated agent context.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.