Kimi Code Quota

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill does what it advertises, but it can expose private Kimi account usage and API-key metadata during use.

Install only if you want the agent to open your Kimi Code account pages. Ask it to report only the quota and high-level API-key status you need, avoid sharing masked key fragments or identifiers, and delete quota.png after use if it contains account details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 85%
Finding
The trigger list includes generic terms such as "quota" and "kimi code plan," which can cause the skill to activate in contexts that do not clearly indicate the user wants browser automation against an authenticated account. Because the skill opens a logged-in console and inspects subscription and API key status, ambiguous triggering increases the chance of collecting or exposing sensitive account data without sufficiently explicit user intent.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill instructs the agent to enter the user's account console and read API key table contents, but it does not prominently warn that sensitive account data will be accessed. In this context, API key metadata and account usage information are sensitive operational details, and the absence of an explicit warning or consent checkpoint makes accidental over-collection and disclosure more likely.

VirusTotal

65/65 vendors flagged this skill as clean.
