
Security audit

企雀AI助手

Security checks across malware telemetry and agentic risk

Overview

This skill appears intended for a real business integration, but it handles API secrets in an unsafe and persistent way that users should review before installing.

Install only if you are comfortable giving this skill access to the target business system. Do not paste real app_secret values into ordinary chat; use a vault, environment secret, or scoped connector if available, and rotate any credentials already shared. Prefer least-privilege, short-lived credentials and confirm how to delete or revoke stored secrets before use.
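The following is an added example, not code from the skill or from SkillSpector, showing the handling the overview recommends: the app_secret is read from the process environment (a stand-in for a vault or scoped connector), exchanged for a short-lived token, and only that token is kept in memory; the secret never enters conversational state and is scrubbed from any text that could reach a transcript. The environment variable names, the CredentialBroker class and the fetch_token callback are assumptions, because the skill's real token endpoint is not shown on this page.

```python
"""Keep a skill's app_secret out of chat and agent memory (added example).

Assumptions: credentials live in the environment under APP_ID / APP_SECRET
(names chosen for illustration), and fetch_token(app_id, app_secret) is a
hypothetical callback that exchanges them for a (token, ttl_seconds) pair.
"""
import os
import time
from dataclasses import dataclass
from typing import Callable, Mapping, Optional, Tuple

# Constructed sample of the pattern the audit flags: secrets pasted into chat
# and then persisted verbatim in agent state. Shown only for contrast.
UNSAFE_MEMORY = {"app_id": "cli_demo123", "app_secret": "paste-me-in-chat"}


@dataclass
class ShortLivedToken:
    value: str
    expires_at: float

    def valid(self, now: Optional[float] = None, skew: float = 30.0) -> bool:
        # Refresh a little early so a request never starts with a dying token.
        t = time.time() if now is None else now
        return t + skew < self.expires_at


class CredentialBroker:
    """Holds only a short-lived token; the long-lived secret is read on demand
    from the environment and dropped as soon as the exchange completes."""

    def __init__(self, app_id_var: str, app_secret_var: str,
                 fetch_token: Callable[[str, str], Tuple[str, float]],
                 env: Optional[Mapping[str, str]] = None):
        self._env = os.environ if env is None else env
        self._app_id_var = app_id_var
        self._app_secret_var = app_secret_var
        self._fetch_token = fetch_token
        self._token: Optional[ShortLivedToken] = None

    def token(self, now: Optional[float] = None) -> str:
        if self._token is None or not self._token.valid(now):
            app_id = self._env.get(self._app_id_var)
            secret = self._env.get(self._app_secret_var)
            if not app_id or not secret:
                raise RuntimeError(
                    "credentials not provisioned: set them in the environment "
                    "or vault, do not paste them into chat")
            value, ttl = self._fetch_token(app_id, secret)
            del secret  # the broker never keeps the long-lived secret
            t = time.time() if now is None else now
            self._token = ShortLivedToken(value, t + ttl)
        return self._token.value

    def __repr__(self) -> str:
        # Prevents accidental disclosure if the object is logged or echoed.
        return "CredentialBroker(token=<redacted>)"


def redact(text: str, env: Mapping[str, str], secret_vars) -> str:
    """Scrub secret values out of anything that is about to be logged or
    shown in the conversation."""
    out = text
    for var in secret_vars:
        val = env.get(var)
        if val:
            out = out.replace(val, "[REDACTED:%s]" % var)
    return out


if __name__ == "__main__":
    demo_env = {"APP_ID": "cli_demo123", "APP_SECRET": "s3cr3t-value"}

    def fake_fetch(app_id: str, app_secret: str) -> Tuple[str, float]:
        # Hypothetical stand-in for the backend's token exchange.
        return ("tok-" + app_id, 300.0)

    broker = CredentialBroker("APP_ID", "APP_SECRET", fake_fetch, env=demo_env)
    print(broker.token())
    print(redact("debug: secret is s3cr3t-value", demo_env, ["APP_SECRET"]))
```

The point of the `redact` step is that the audit's findings 2 and 4 are about the transcript, not the backend: even a correctly scoped secret is compromised the moment a tool result or debug line echoes it into a logged conversation.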

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Ssd 3

Severity: Medium
Confidence: 96%
Finding
The skill explicitly instructs the agent to load and keep API credentials persistent between turns, increasing the chance that secrets remain accessible longer than necessary in memory or conversational state. In an LLM/agent context, retained secrets can be exposed through prompt leakage, cross-task confusion, logs, or unintended reuse in unrelated conversations.

Ssd 3

Severity: Medium
Confidence: 98%
Finding
The workflow tells users to paste `app_id` and `app_secret` directly into chat, which is a dangerous channel for credential collection because chat transcripts may be logged, retained, inspected, or accidentally echoed back. This materially raises the risk of credential theft and unauthorized API use, especially since these are backend secrets rather than user-facing tokens.

Ssd 3

Severity: Medium
Confidence: 97%
Finding
The instruction to persist newly provided credentials and overwrite stored values in memory/config text state promotes ongoing retention of sensitive secrets in places that may not have proper access controls or audit boundaries. This broadens exposure duration and increases the blast radius if agent memory, config files, or transcripts are accessed by unauthorized parties.

Ssd 3

Severity: High
Confidence: 99%
Finding
The prompt instructs the agent to collect app_id and app_secret and store them long-term for reuse, which creates an unnecessary persistent secret store inside the agent workflow. Persisting API credentials indefinitely increases the blast radius of prompt leakage, memory disclosure, cross-session access, and unauthorized reuse, especially because these credentials can enable access to business/customer operations in a medical-aesthetics system.

VirusTotal

55/55 vendors flagged this skill as clean.
