Security audit
微博数据助手 SocialDataX
Security checks across malware telemetry and agentic risk
Overview
This skill is a read-only Weibo research helper that uses a SocialDataX API key and npm CLI commands for the stated purpose.
Install only if you trust SocialDataX and are comfortable providing SOCIALDATAX_API_KEY and sending Weibo research queries to its service. The main practical risk is the unpinned npm @latest CLI dependency, so behavior depends on the current published package version.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
63/63 vendors flagged this skill as clean.