Security audit

onebound-api

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Onebound API helper for Taobao and 1688 product lookups, with no artifact evidence of hidden persistence, destructive actions, or unrelated data access.

Install only if you intend to use the Onebound gateway and are comfortable with billable API calls. Keep ONEBOUND_API_KEY private, use the default or another trusted ONEBOUND_BASE_URL only, and review returned cost/balance fields before running large searches.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 93%
Finding: The skill clearly instructs the agent to execute local shell scripts via bash, yet the metadata does not declare corresponding permissions or execution capabilities. This creates a transparency and policy-enforcement gap: users and hosting platforms may not realize the skill can invoke shell commands and networked tooling, weakening sandboxing and trust decisions.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding: The skill description omits a clear upfront warning that every gateway call may consume paid API balance and that responses can reveal account cost and remaining balance. Users may invoke searches or detail lookups without informed consent, leading to unintended charges and exposure of account-usage metadata in normal output.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.