Back to skill

Security audit

Dub.co Links API

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill is scoped to Dub short-link management, but users should be careful with API keys and delete or bulk operations.

Install this only if you want an agent to manage Dub short links in the authenticated workspace. Use a least-privilege Dub API key if possible, keep the key out of chat and logs, and require the agent to show the exact link IDs, domains, and payload before update, delete, or bulk operations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The OpenAPI spec grants far broader capabilities than the skill metadata advertises, including analytics, customer, partner, payout, and bounty operations. This creates a dangerous permission and expectation mismatch: a user or orchestrator invoking a 'dub links api' skill could unknowingly expose or mutate unrelated sensitive resources.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
Partner management, commissions, payouts, bans, deactivations, and bounty review workflows are privileged business operations far outside ordinary link CRUD. Bundling them into a link-management skill increases the chance of unauthorized administrative actions or social engineering-driven misuse under a misleading skill label.

Context-Inappropriate Capability

High
Confidence
95% confidence
Finding
Customer management and conversion tracking introduce personal data handling and business-event mutation capabilities that are not disclosed by the link-operations description. This expands the skill into PII processing and attribution workflows, making accidental disclosure, unauthorized modification, or covert tracking more likely.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill documents destructive delete and bulk delete operations without requiring confirmation, preview, or explicit user acknowledgment. In an agent setting, this materially increases the risk of accidental or prompt-induced irreversible data loss across one or many links.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The onboarding instructions tell users to create and export a live API key and immediately use it, but provide no warning about secret handling, storage, redaction, or avoiding disclosure in chat/output. That omission can lead to credential leakage through logs, transcripts, shell history, or agent responses.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
Domain deletion is explicitly cascading and removes all associated links, but the skill does not appear to enforce an explicit high-risk warning or confirmation at the interface boundary. In an agent context, destructive actions without strong user acknowledgment are dangerous because a vague request could trigger irreversible business-impacting deletion.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The lead tracking endpoint accepts customer identifiers, email, avatar, and metadata, enabling transmission of personal data and behavioral tracking to an external service. In a skill environment, collecting and forwarding PII without a clear privacy warning or consent boundary increases compliance and misuse risk.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The sale tracking endpoint accepts customer identifiers, email, payment-related metadata, and sales information, all of which can be sensitive business and personal data. Without an explicit privacy warning, users and integrators may not realize that these data are being transmitted to an external analytics/attribution platform.

Missing User Warnings

Medium
Confidence
81% confidence
Finding
The customer listing endpoint returns personal data such as name, email, avatar, and commercial activity, but the skill description does not signal PII exposure. In an agent setting, this can lead to overbroad data retrieval and disclosure beyond what a user expected from a link-management skill.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The events endpoint exposes IP addresses, location, device, browser, referer, and other detailed telemetry, which are sensitive from both privacy and security perspectives. Combined with the misleadingly narrow skill description, this creates a significant risk of covert surveillance-style data access or unintended disclosure.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.