Security audit

xzk-money-maker

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed job-listing API wrapper, but users should avoid sending unnecessary personal details.

Install only if you are comfortable with job-search prompts being sent to the 快结荐 backend. Keep requests minimal, avoid including phone numbers, identity documents, financial details, or full employment history, and verify pay claims and signup links before applying.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Severity: High
Confidence: 95%
Finding
The trigger phrases are extremely broad, covering common expressions like wanting work, money, or a job, which can cause the skill to activate in many contexts beyond explicit user consent to use this service. Over-broad routing increases the chance that sensitive user job-seeking or financial-context messages are automatically sent to a backend without the user understanding that a third-party skill has been invoked.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding
The routing rules instruct the agent to prioritize this skill for loosely defined employment-related messages without clear scope boundaries or user confirmation. In practice, this can lead to accidental invocation and unnecessary disclosure of user text to the external API, especially in mixed-intent conversations about jobs, money, or side work.

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding
The workflow sends the user's message content directly to a third-party backend, but the skill provides no user-facing notice or consent mechanism describing this sharing. Because job-seeking messages may include names, phone numbers, locations, schedules, or other sensitive personal details, silent transmission creates a meaningful privacy and compliance risk.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The script transmits arbitrary user-provided content to an external backend API without any notice, consent flow, or output indicating that data leaves the local environment. In a job-search skill, users may submit sensitive personal or employment-related information, so silent exfiltration to a remote service creates a real privacy and trust risk even if this appears to be intended functionality.

Ssd 3

Severity: Medium
Confidence: 99%
Finding
The skill forwards user messages verbatim to an external service and instructs the agent to return the platform's results 'unchanged,' creating a direct data-leakage path in both directions. Any sensitive information in the user's request can be exfiltrated to the backend, and unfiltered backend responses can include tracking links, manipulative text, or unsafe content that the agent is told to reproduce verbatim.

VirusTotal

67/67 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.