Security audit

Xiaoya Download

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Xiaoya/Alist media downloader, with expected local file-copy side effects but no evidence of hidden or unrelated behavior.

Install only if you trust the Xiaoya/Alist server and the WebDAV mount you configure. Use a dedicated DOWNLOAD_DIR, confirm the selected media before copying, and expect rsync to create or update same-named files there and consume substantial disk space for large videos.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (4)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 92% confidence
Finding: The skill documentation describes capabilities to read environment configuration, access network resources, and invoke shell-backed tools like rsync, but it does not declare corresponding permissions. This creates a transparency and governance gap: users and the hosting platform may underestimate the skill's access to local files, external services, and command execution, increasing the chance of unsafe deployment or abuse.

Vague Triggers

Medium

Confidence: 82% confidence
Finding: The example trigger phrases are very broad natural-language requests such as searching for a movie, which can overlap with ordinary conversation. In an agent environment, this increases the risk of unintended invocation, causing unsolicited searches or downloads to begin based on casual user dialogue rather than a clearly intentional command.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill description emphasizes search and copy functionality but does not clearly warn that downloads copy potentially large media files into a local/NAS directory, consuming storage and possibly overwriting existing files. Without explicit user-facing warnings, users may trigger actions that have significant local side effects and resource impact they did not anticipate.

Missing User Warnings

Medium

Confidence: 80% confidence
Finding: The copy command writes files and directories into a local download location without any confirmation, dry-run, or overwrite protection. In an agent or automated-tool context, this can cause unintended local filesystem modification, clobber existing content with the same basename, or consume large amounts of disk space from a single remote_path request.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.