Security audit

Zhihu Hot List Topic Selection (知乎热榜选题)

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims: fetch public Zhihu hot-list data and print ranked topic suggestions.

Install only if you are comfortable with the skill making HTTPS requests to Zhihu when invoked. You may need to install the Python requests package yourself, and returned web content should be treated as untrusted public data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill invokes a Python script that retrieves Zhihu hot-topic data, which implies outbound network access, but the manifest does not declare any corresponding permission or capability. Undeclared network behavior reduces transparency and can bypass user or platform expectations about what the skill is allowed to do, making misuse or silent data exfiltration harder to detect.

Vague Triggers

Medium
Confidence
82% confidence
Finding
Trigger phrases such as “搜一下知乎” ("search Zhihu") and “知乎有什么热点” ("what's trending on Zhihu") are broad enough to match ordinary conversation, which can cause the skill to activate unexpectedly. Unintended invocation may lead to unsolicited network requests or actions without clear user intent, especially since the skill runs a script automatically when triggered.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.