Back to skill

Security audit

Kimi Integration

Security checks across malware telemetry and agentic risk

Overview

This is a transparent Kimi/Moonshot setup guide with some API-key handling cautions but no hidden or malicious behavior.

Install this only if you intend to route Clawdbot model requests through Moonshot/Kimi. Avoid printing full API keys in terminals or logs, prefer a protected .env file or secret manager over global shell exports, and run the test script only with non-sensitive prompts and keys you are prepared to revoke.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Tp4

High
Category
MCP Tool Poisoning
Confidence
88% confidence
Finding
The description frames the skill as a documentation guide, but the content instructs users to run live connectivity tests that transmit prompts to external providers and rely on local API keys. That mismatch matters because operators may invoke or trust the skill as passive documentation while it encourages actions that expose secrets and send data off-platform.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The troubleshooting section tells users to print API key environment variables directly to the terminal. This can expose secrets in shell history, terminal scrollback, screen recordings, logs, or shared sessions, creating a straightforward path to credential leakage.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The example instructs users to place long-lived API keys in shell startup files such as ~/.bashrc or ~/.zshrc, which can cause those secrets to be inherited broadly by spawned processes and persist in plaintext on disk. While common, this guidance increases the chance of accidental disclosure via local compromise, debugging output, backups, or overly broad environment exposure.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.