Security audit

x-reader通用内容抓取

Security checks across malware telemetry and agentic risk

Overview

This skill has a coherent content-reading purpose, but it asks users to rely on an unreviewed local CLI while saving platform sessions and clearing inbox data without enough scope or safety detail.

Review before installing. Only use this if you trust the separately installed x-reader CLI, know where it stores browser or platform sessions, can revoke those sessions, understand exactly what x-reader clear removes, and are comfortable sending requested URLs or media to the listed external services.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (4)

Description-Behavior Mismatch

Medium

Confidence: 88% confidence
Finding: The documented behavior expands beyond a simple content-reading skill into session-based login, Telegram access, and inbox management, which materially changes the capability and trust boundary of the skill. This creates a security and user-consent risk because operators may grant or invoke the skill expecting passive URL fetching while it can also persist authenticated state and manipulate stored messages.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: Documenting a `clear` command without warning that it deletes inbox contents makes destructive behavior easy to trigger accidentally, especially in agentic or automated contexts. If the inbox contains fetched content, queued items, or user-linked Telegram data, this can cause irreversible data loss or disrupt workflows.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill states that login saves a browser session but does not disclose where authentication artifacts are stored, how long they persist, or how they are protected. Persisted session data can expose authenticated access if the host is shared, compromised, or backed up insecurely.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The description advertises fetching content from many external platforms, and the platform table indicates use of intermediaries such as Jina and other external tooling. Without a disclosure that requested URLs and associated metadata may be sent to third parties, users may unknowingly expose sensitive links, access patterns, or private targets.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal