Security audit

生日密码 - 即刻数据

Security checks across malware telemetry and agentic risk

Overview

This appears to be a straightforward birthday-query API skill, but users should understand that birthday input and an API key are sent to a third-party service.

Install only if you are comfortable sending the birthday value you provide, plus the configured API key, to api.jikeapi.cn. Use a dedicated low-privilege API key, avoid setting a custom API base URL unless you control it, and invoke the skill only for explicit birthday-password lookups.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (6)

Tainted flow: 'url' from os.environ.get (line 139, credential/environment) → urllib.request.urlopen (network output)

Critical

Category: Data Flow
Content: """ url = f"{API_BASE_URL}{API_PATH}?{urllib.parse.urlencode({**params, 'appkey': appkey})}" try: with urllib.request.urlopen(url, timeout=15) as response: return json.loads(response.read().decode("utf-8")) except urllib.error.HTTPError as exc: return {"code": exc.code, "message": f"接口请求失败: HTTP {exc.code}", "data": ""}
Confidence: 84% confidence
Finding: with urllib.request.urlopen(url, timeout=15) as response:

Lp3

Medium

Category: MCP Least Privilege
Confidence: 92% confidence
Finding: The skill declares required binaries and environment variables and clearly instructs the agent to execute a Python script and call an external API, but the markdown does not declare corresponding permissions. This creates a transparency and policy-enforcement gap: users or hosting platforms may not realize the skill can read secrets from environment variables, access local files, and transmit data over the network.

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The description says the skill applies to broad categories like traditional culture, life knowledge, or matching information, which can cause over-triggering on ordinary conversations. Over-broad activation increases the chance that user-provided data is unnecessarily routed to this third-party-backed skill without clear user intent.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill sends a birthday value to a third-party API, but the markdown does not clearly warn that user-provided birthday data leaves the local system. Even though a birthday is not always highly sensitive, it is personal data and can become more sensitive when linked with other profile information or conversation context.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The script places both the birthday query and the AppKey into the URL query string. Query strings are commonly exposed in logs, browser/history-like tooling, proxies, process monitoring, and upstream infrastructure, so secrets and user input may be recorded more broadly than intended. In this skill, the birthday itself is low-sensitivity, but the AppKey is a credential, making URL-based transmission a real security concern.

External Transmission

Medium

Category: Data Exfiltration
Content: 直接调用 API： ```text GET https://api.jikeapi.cn/v1/birthday/pwd?birthday=01-06&appkey=YOUR_APPKEY ``` ## AI 使用步骤
Confidence: 90% confidence
Finding: https://api.jikeapi.cn/

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.