Security audit

品氪 (Pinkr) OpenApi Open Platform Skill

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Pinkr CRM/OpenAPI integration, but it can send and change sensitive customer and business data with weak transport and control safeguards.

Review before installing. Use only with an authorized Pinkr account, set PK_API_URL to a trusted HTTPS endpoint instead of the HTTP default, use the least-privileged APPKEY available, and require explicit human confirmation before any refund, shipment, coupon, stored-value, points, inventory, product, order, or member-record change. Treat generated output files as sensitive and delete them when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Tainted flow: 'url' from os.environ.get (line 68, credential/environment) → requests.post (network output)

Severity: Critical
Category: Data Flow
Content:
}

    try:
        response = requests.post(url, data=form_data, timeout=30)
        response.raise_for_status()
        return response.json()
    except requests.exceptions.RequestException as e:
Confidence: 97%
Finding: response = requests.post(url, data=form_data, timeout=30)

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
The skill is designed to synchronize broad sets of CRM/SCRM data, including member, order, address, inventory, coupon, and payment-related information, yet it provides no explicit privacy, consent, or data-handling warnings. In a high-sensitivity business context, this omission increases the risk of over-collection, unintended disclosure, and accidental state-changing actions on production customer data.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The documented operations include irreversible or business-critical actions such as coupon write-off, refund and shipment status changes, inventory updates, and full product uploads, but there is no explicit warning, confirmation flow, or guardrail language. In this context, accidental or unauthorized invocation could directly alter financial records, fulfillment state, inventory, and customer entitlements.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The skill defaults to http://dev.openapi.pinkr.com and transmits CRM/SCRM data, including member, order, refund, address, and coupon-related content, over the network. Using insecure default transport exposes sensitive business and personal data to interception or tampering, especially on shared or untrusted networks.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
The skill saves full text and JSON API responses to local files in the output directory, and those responses may contain member names, phone numbers, card numbers, addresses, order details, balances, and other CRM data. Persisting this data by default increases exposure through local compromise, backup leakage, shared workspaces, or accidental redistribution.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.