Back to skill

Security audit

Weibo Hot Cn

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a low-risk Weibo hot-topics helper that currently returns local mock data rather than accessing accounts or external services.

This is reasonable to install if you want a lightweight Weibo hot-list demo or helper. Treat it as placeholder functionality: it currently returns mock data, and any future version that adds a real Weibo API, background alerts, or history storage should be re-reviewed for endpoint choice, credential handling, user control, and data retention.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger terms include very broad words like '微博', '热搜', 'weibo', and especially 'hot', which are likely to appear in ordinary conversation and can cause unintended invocation. In an agent environment, accidental activation may lead to unnecessary network requests, context switching, or disclosure of user intent to external services when the user was not asking to use this skill.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal