fangcloud_ai

Security checks across malware telemetry and agentic risk

Overview

This Fangcloud skill is not clearly malicious, but it needs Review because it combines powerful cloud/admin access, live-looking tokens in documentation, and unverified remote executable downloads.

Install only if you trust the publisher and the Fangcloud release channel. Use least-privilege, short-lived user tokens where possible; do not provide `FANGCLOUD_ADMIN_TOKEN` unless you deliberately need tenant administration. Treat the bearer tokens shown in the docs as exposed secrets that should be rotated if they were ever valid, and prefer a version with signed or checksum-verified binaries and a narrower admin-only workflow.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (24)

Description-Behavior Mismatch

High

Confidence: 98% confidence
Finding: The documented API surface includes enterprise administration endpoints such as department, group, user, platform sync, and audit-log management that materially exceed the skill's stated purpose of file management, sharing, knowledge-base chat, and agent interaction. This unnecessary privilege expansion increases blast radius: if the skill can access or expose these endpoints, a prompt injection, misuse, or integration mistake could enable tenant-wide administrative actions unrelated to the user's task.

Description-Behavior Mismatch

Medium

Confidence: 91% confidence
Finding: This section adds organizational/account-management and broader knowledge-management capabilities beyond the narrow manifest description, creating capability creep. Even if some endpoints are legitimate product APIs, exposing them through the skill without clear scope disclosure undermines least privilege and can surprise downstream users and orchestrators about what the skill can do.

Context-Inappropriate Capability

High

Confidence: 99% confidence
Finding: Enterprise-token tenant administration is especially dangerous in this skill context because the advertised use case is end-user file and AI assistance, not tenant administration. Mixing enterprise-admin tokens with routine user-facing workflows creates a severe privilege-boundary violation that could let an agent perform company-wide user, group, department, SSO, or synchronization actions if credentials are available or misrouted.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The README instructs users to supply `FANGCLOUD_USER_TOKEN` and `FANGCLOUD_ADMIN_TOKEN` but gives no guidance that these are sensitive secrets, especially the admin token. In a skill focused on file management and admin-capable API access, this increases the chance users expose tokens in shell history, logs, screenshots, or by using overly privileged credentials for routine operations.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The README provides copy-paste download and execution steps for platform binaries fetched from a remote URL, but includes no checksum, signature verification, pinned trust mechanism, or warning to validate the artifact before running it. If the hosting path, release pipeline, or transport trust is compromised, users could execute a malicious binary with their Fangcloud tokens and local file access, making this especially risky in a file-management/admin skill context.

Missing User Warnings

High

Confidence: 99% confidence
Finding: The markdown embeds multiple real-looking bearer tokens directly in example requests. Even if they are test values, publishing token-shaped secrets in skill artifacts normalizes unsafe handling and may leak valid credentials into logs, repos, model context, or downstream tooling.

External Transmission

Medium

Category: Data Exfiltration
Content: | `id` | `path` | `int64` | 文件的ID | | `target_folder_id` | `body` | `int64` | 目标文件夹id | **Curl Command**: ```bash curl --location --request POST 'https://open.fangcloud.com/api/v2/file/75003907526/copy' \ --header 'Authorization: Bearer 583fad43-3265-45df-9e13-91fa5a22a2ca' \
Confidence: 99% confidence
Finding: Curl Command**: ```bash curl --location --request POST 'https://open.fangcloud.com/api/v2/file/75003907526/copy' \ --header 'Authorization: Bearer 583fad43-3265-45df-9e13-91fa5a22a2ca' \ --header 'Con

External Transmission

Medium

Category: Data Exfiltration
Content: | `id` | `path` | `int64` | 文件的ID | | `target_folder_path` | `body` | `string` | 路径名，以/划分文件夹，根目录在个人文件下，文件夹名称必须是1到222个字符，并且不能含有/ ? : * " > < \|且末尾不能为“.” | **Curl Command**: ```bash curl --location --request POST 'https://open.fangcloud.com/api/v2/file/75003907526/copy_by_path' \ --header 'Authorization: Bearer 583fad43-3265-45df-9e13-91fa5a22a2ca' \
Confidence: 99% confidence
Finding: Curl Command**: ```bash curl --location --request POST 'https://open.fangcloud.com/api/v2/file/75003907526/copy_by_path' \ --header 'Authorization: Bearer 583fad43-3265-45df-9e13-91fa5a22a2ca' \ --hea

External Transmission

Medium

Category: Data Exfiltration
Content: | `parentFolderId` | `body` | `int64` | 父文件夹Id | | `type` | `body` | `string` | 文件类型；1：doc类型; 2：ppt类型; 3：xls类型 | **Curl Command**: ```bash curl --location --request POST 'https://open.fangcloud.com/api/v2/file/create_blank_file' \ --header 'Content-Type: application/json' \
Confidence: 99% confidence
Finding: Curl Command**: ```bash curl --location --request POST 'https://open.fangcloud.com/api/v2/file/create_blank_file' \ --header 'Content-Type: application/json' \ --header 'Authorization: Bearer a2a192ea

External Transmission

Medium

Category: Data Exfiltration
Content: | `id` | `path` | `int64` | 移动文件的ID | | `target_folder_id` | `body` | `int64` | 目标文件夹id | **Curl Command**: ```bash curl --location --request POST 'https://open.fangcloud.com/api/v2/folder/179000000087/move' \ --header 'Authorization: Bearer d8ec3bc7-c7f2-40b6-a591-7b03c134478f' \
Confidence: 99% confidence
Finding: Curl Command**: ```bash curl --location --request POST 'https://open.fangcloud.com/api/v2/folder/179000000087/move' \ --header 'Authorization: Bearer d8ec3bc7-c7f2-40b6-a591-7b03c134478f' \ --head

External Transmission

Medium

Category: Data Exfiltration
Content: | `name` | `body` | `string` | 文件名称，文件名称必须是1到222个字符，并且不能含有/ ? : * " > < \ | | `upload_type` | `body` | `string` | 上传类型；固定传api | **Curl Command**: ```bash curl --location --request POST 'https://open.fangcloud.com/api/v2/file/75003685568/new_version_v2' \ --header 'Content-Type: application/json' \
Confidence: 99% confidence
Finding: Curl Command**: ```bash curl --location --request POST 'https://open.fangcloud.com/api/v2/file/75003685568/new_version_v2' \ --header 'Content-Type: application/json' \ --header 'Authorization: Bearer

External Transmission

Medium

Category: Data Exfiltration
Content: | --- | --- | --- | --- | | `item_typed_ids` | `body` | `array<string>` | 文件id或文件夹id | **Curl Command**: ```bash curl --location --request POST 'https://open.fangcloud.com/api/v2/file/pack_download' \ --header 'Authorization: Bearer 583fad43-3265-45df-9e13-91fa5a22a2ca' \
Confidence: 99% confidence
Finding: Curl Command**: ```bash curl --location --request POST 'https://open.fangcloud.com/api/v2/file/pack_download' \ --header 'Authorization: Bearer 583fad43-3265-45df-9e13-91fa5a22a2ca' \ --header 'Conten

External Transmission

Medium

Category: Data Exfiltration
Content: | --- | --- | --- | --- | | `id` | `path` | `int64` | 更新文件的ID | **Curl Command**: ```bash curl --location 'https://open.fangcloud.com/api/v2/folder/179000000087/update' \ --header 'Authorization: Bearer 583fad43-3265-45df-9e13-91fa5a22a2ca' \
Confidence: 99% confidence
Finding: Curl Command**: ```bash curl --location 'https://open.fangcloud.com/api/v2/folder/179000000087/update' \ --header 'Authorization: Bearer 583fad43-3265-45df-9e13-91fa5a22a2ca' \ --header 'Content-Type:

External Transmission

Medium

Category: Data Exfiltration
Content: | `target_folder_path` | `body` | `string` | 路径名，以/划分文件夹，根目录在个人文件下，文件夹名称必须是1到222个字符，并且不能含有/ ? : * " > < \|且末尾不能为“.” | | `upload_type` | `body` | `string` | 上传类型；固定传api | **Curl Command**: ```bash curl --location --request POST 'https://open.fangcloud.com/api/v2/file/upload_by_path' \ --header 'Content-Type: application/json' \
Confidence: 99% confidence
Finding: Curl Command**: ```bash curl --location --request POST 'https://open.fangcloud.com/api/v2/file/upload_by_path' \ --header 'Content-Type: application/json' \ --header 'Authorization: Bearer 003504d9-9a

External Transmission

Medium

Category: Data Exfiltration
Content: | `parent_id` | `body` | `int64` | 上传至的文件夹id | | `upload_type` | `body` | `string` | 上传类型；固定传api | **Curl Command**: ```bash curl --location --request POST 'https://open.fangcloud.com/api/v2/file/upload_v2' \ --header 'Content-Type: application/json' \
Confidence: 99% confidence
Finding: Curl Command**: ```bash curl --location --request POST 'https://open.fangcloud.com/api/v2/file/upload_v2' \ --header 'Content-Type: application/json' \ --header 'Authorization: Bearer 1cd9081c-aa2c-4f

External Transmission

Medium

Category: Data Exfiltration
Content: | `id` | `path` | `int64` | 文件夹id | | `target_folder_id` | `body` | `int64` | 目标文件夹id | **Curl Command**: ```bash curl --location --request POST 'https://open.fangcloud.com/api/v2/folder/179000000087/copy' \ --header 'Authorization: Bearer 583fad43-3265-45df-9e13-91fa5a22a2ca' \
Confidence: 99% confidence
Finding: Curl Command**: ```bash curl --location --request POST 'https://open.fangcloud.com/api/v2/folder/179000000087/copy' \ --header 'Authorization: Bearer 583fad43-3265-45df-9e13-91fa5a22a2ca' \ --header '

External Transmission

Medium

Category: Data Exfiltration
Content: | `name` | `body` | `string` | 文件夹名，文件夹名称必须是1到222个字符，并且不能含有/ ? : * " > < \ | | `parent_id` | `body` | `int64` | 父文件夹id | **Curl Command**: ```bash curl --location --request POST 'https://open.fangcloud.com/api/v2/folder/create' \ --header 'Authorization: Bearer 583fad43-3265-45df-9e13-91fa5a22a2ca' \
Confidence: 99% confidence
Finding: Curl Command**: ```bash curl --location --request POST 'https://open.fangcloud.com/api/v2/folder/create' \ --header 'Authorization: Bearer 583fad43-3265-45df-9e13-91fa5a22a2ca' \ --header 'Content-Typ

External Transmission

Medium

Category: Data Exfiltration
Content: | --- | --- | --- | --- | | `target_folder_path` | `body` | `string` | 路径名，以/划分文件夹，根目录在个人文件下，文件夹名称必须是1到222个字符，并且不能含有/ ? : * " > < \|且末尾不能为“.” | **Curl Command**: ```bash curl --location --request POST 'https://open.fangcloud.com/api/v2/folder/create_by_path' \ --header 'Authorization: Bearer 583fad43-3265-45df-9e13-91fa5a22a2ca' \
Confidence: 99% confidence
Finding: Curl Command**: ```bash curl --location --request POST 'https://open.fangcloud.com/api/v2/folder/create_by_path' \ --header 'Authorization: Bearer 583fad43-3265-45df-9e13-91fa5a22a2ca' \ --header 'Con

External Transmission

Medium

Category: Data Exfiltration
Content: | `id` | `path` | `int64` | 文件夹id | | `target_folder_id` | `body` | `int64` | 目标文件夹id | **Curl Command**: ```bash curl --location --request POST 'https://open.fangcloud.com/api/v2/folder/179000000087/move' \ --header 'Authorization: Bearer 583fad43-3265-45df-9e13-91fa5a22a2ca' \
Confidence: 99% confidence
Finding: Curl Command**: ```bash curl --location --request POST 'https://open.fangcloud.com/api/v2/folder/179000000087/move' \ --header 'Authorization: Bearer 583fad43-3265-45df-9e13-91fa5a22a2ca' \ --header '

External Transmission

Medium

Category: Data Exfiltration
Content: | --- | --- | --- | --- | | `id` | `path` | `int64` | 文件夹id | **Curl Command**: ```bash curl --location --request POST 'https://open.fangcloud.com/api/v2/folder/179000000087/update' \ --header 'Authorization: Bearer 583fad43-3265-45df-9e13-91fa5a22a2ca' \
Confidence: 99% confidence
Finding: Curl Command**: ```bash curl --location --request POST 'https://open.fangcloud.com/api/v2/folder/179000000087/update' \ --header 'Authorization: Bearer 583fad43-3265-45df-9e13-91fa5a22a2ca' \ --header

External Transmission

Medium

Category: Data Exfiltration
Content: > 请求示例 **Curl Command**: ```bash curl --location 'https://open.fangcloud.com/api/v2/knowledge/chatStream' \ --header 'Content-Type: application/json' \
Confidence: 99% confidence
Finding: Curl Command**: ```bash curl --location 'https://open.fangcloud.com/api/v2/knowledge/chatStream' \ --header 'Content-Type: application/json' \ --header 'Authorization: Bearer de74b292-3dbf-446a-9d

External Transmission

Medium

Category: Data Exfiltration
Content: | `page_no` | `body` | `int64` | 页码 | | `page_size` | `body` | `int64` | 页容量 | **Curl Command**: ```bash curl --location --request POST 'https://open.fangcloud.com/api/v2/kbase/get_book_segment_list' \ --header 'Authorization: Bearer 583fad43-3265-45df-9e13-91fa5a22a2ca' \
Confidence: 99% confidence
Finding: Curl Command**: ```bash curl --location --request POST 'https://open.fangcloud.com/api/v2/kbase/get_book_segment_list' \ --header 'Authorization: Bearer 583fad43-3265-45df-9e13-91fa5a22a2ca' \ --heade

External Transmission

Medium

Category: Data Exfiltration
Content: | --- | --- | --- | --- | | `train_file_ids` | `body` | `array<int64>` | 训练文件id列表 | **Curl Command**: ```bash curl --location --request POST 'https://open.fangcloud.com/api/v2/kbase/get_train_file_status' \ --header 'Authorization: Bearer 583fad43-3265-45df-9e13-91fa5a22a2ca' \
Confidence: 99% confidence
Finding: Curl Command**: ```bash curl --location --request POST 'https://open.fangcloud.com/api/v2/kbase/get_train_file_status' \ --header 'Authorization: Bearer 583fad43-3265-45df-9e13-91fa5a22a2ca' \ --heade

External Transmission

Medium

Category: Data Exfiltration
Content: > 请求示例 **Curl Command**: ```bash curl --location 'https://open.fangcloud.com/api/v2/knowledge/chatStream' \ --header 'Authorization: Bearer cb806f3c-8d68-49ab-9925-4eefe3c8ec96' \
Confidence: 99% confidence
Finding: Curl Command**: ```bash curl --location 'https://open.fangcloud.com/api/v2/knowledge/chatStream' \ --header 'Authorization: Bearer cb806f3c-8d68-49ab-9925-4eefe3c8ec96' \ --header 'Content-Type: a

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal