Security audit

新华字典 - 即刻数据 (Xinhua Dictionary - Jike Data)

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent Chinese dictionary lookup tool, but it has an undocumented setting that can redirect the API key to any network destination.

Review before installing. Use it only in an environment where you control the environment variables, leave JIKE_API_BASE_URL unset or set only to the legitimate Jike HTTPS API host, and avoid using a broad reusable JIKE_APPKEY if a narrower key is available.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Tainted flow: 'url' from os.environ.get (line 154, credential/environment) → urllib.request.urlopen (network output)

Critical
Category: Data Flow
Content:
"""
    url = f"{API_BASE_URL}{API_PATH_MAP[command]}?{urllib.parse.urlencode({**params, 'appkey': appkey})}"
    try:
        with urllib.request.urlopen(url, timeout=15) as response:
            return json.loads(response.read().decode("utf-8"))
    except urllib.error.HTTPError as exc:
        return {"code": exc.code, "message": f"接口请求失败: HTTP {exc.code}", "data": ""}
Confidence: 94%
Finding: with urllib.request.urlopen(url, timeout=15) as response:

Lp3

Medium
Category: MCP Least Privilege
Confidence: 94%
Finding: The skill declares no explicit permissions, yet its documented operation requires environment-variable access, local script execution, and outbound network access to a third-party API. This mismatch can mislead hosts and reviewers about the skill's real capabilities, reducing transparency and weakening permission-based trust and policy enforcement.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.