Security audit

品牌热点营销助手 (Brand Trending-Topic Marketing Assistant)

Security checks across malware telemetry and agentic risk

Overview

This skill is a real brand-marketing helper, but it saves a billable API key in a predictable local file and can automate public Xiaohongshu posting.

Review before installing. Prefer manual publishing, use a limited or test Zeelin App-Key, delete ~/.zeelin_config or .zeelin_config when finished, and only use auto-publish if you accept Xiaohongshu account enforcement risk.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Context-Inappropriate Capability

Severity: Medium
Confidence: 98%
Finding: The skill instructs the agent to read and reuse a persisted App-Key from local storage across sessions, even though generating marketing content only requires the key for the current transaction. Persisting API credentials in a generic local file increases theft and unintended reuse risk, especially in shared hosts or multi-skill environments.

Context-Inappropriate Capability

Severity: Medium
Confidence: 99%
Finding: Writing the user's App-Key to ~/.zeelin_config creates durable credential material on disk that may be readable by other processes, backups, or later skills. This exceeds the core need of a one-time API call and materially raises the chance of credential compromise and unauthorized billing or account use.

Intent-Code Divergence

Severity: High
Confidence: 95%
Finding: The privacy statement claims generated content will not be reused or shared, but the documented auto-publish workflow explicitly uploads generated content and images to Xiaohongshu. This is a transparency failure that can mislead users about onward data disclosure and undermine informed consent.

Missing User Warnings

Severity: High
Confidence: 98%
Finding: The skill mandates persistent storage of a user credential without clearly warning about local secret exposure, cross-session reuse, or compromise risk. Because the stored value is a billable App-Key, inadequate disclosure materially increases the chance users unknowingly expose sensitive credentials.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding: The workflow instructs the agent to download remote images and save them locally without telling the user where files are stored, for how long, or who can access them. Silent data-at-rest creation increases privacy and operational risk, especially on shared systems or managed agent runtimes.

Ssd 3

Severity: High
Confidence: 99%
Finding: The skill explicitly directs the agent to read, persist, reuse, and partially display a user-provided App-Key from local storage across sessions. Cross-session credential reuse broadens the blast radius of any compromise and normalizes secret handling outside secure secret-management mechanisms.

Ssd 3

Severity: High
Confidence: 99%
Finding: Persisting and overwriting the user's App-Key in a local file creates a long-lived credential store with unclear permissions, lifecycle, and access boundaries. If the host or workspace is compromised, attackers can reuse the key to access the vendor service and potentially consume the user's balance.

Ssd 3

Severity: Medium
Confidence: 95%
Finding: The workflow repeatedly normalizes automatic reuse of previously stored credentials for later tasks, which increases the chance that future requests proceed with stale, unintended, or compromised secrets. In an agent setting, habitual silent reuse reduces user awareness and weakens consent boundaries around billed external actions.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.