Back to skill

Security audit

百家姓查询 - 即刻数据

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Chinese surname lookup skill that uses a user-provided Jike API key to query Jike’s external API.

Install only if you are comfortable sending surname queries and a Jike AppKey to Jike’s API. Use a dedicated API key, avoid putting the key in logs or screenshots, and leave JIKE_API_BASE_URL unset unless you intentionally trust the alternate API endpoint.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Tainted flow: 'url' from os.environ.get (line 139, credential/environment) → urllib.request.urlopen (network output)

Critical
Category
Data Flow
Content
"""
    url = f"{API_BASE_URL}{API_PATH}?{urllib.parse.urlencode({**params, 'appkey': appkey})}"
    try:
        with urllib.request.urlopen(url, timeout=15) as response:
            return json.loads(response.read().decode("utf-8"))
    except urllib.error.HTTPError as exc:
        return {"code": exc.code, "message": f"接口请求失败: HTTP {exc.code}", "data": ""}
Confidence
91% confidence
Finding
with urllib.request.urlopen(url, timeout=15) as response:

Lp3

Medium
Category
MCP Least Privilege
Confidence
83% confidence
Finding
The skill declares runtime requirements and clearly instructs use of environment variables, local script execution, and outbound API calls, but it does not declare corresponding permissions. This creates a transparency and policy-enforcement gap: an agent or platform may invoke network and secret-reading behavior without explicit permission metadata, increasing the chance of unintended secret use or external data transmission.

Vague Triggers

Medium
Confidence
74% confidence
Finding
The description says the skill is suitable for broad scenarios such as traditional culture, common knowledge, or matching-related materials, which may cause an orchestrator to invoke it more often than necessary. Over-broad triggering increases the likelihood that user inputs are unnecessarily sent to the external provider, even when a local answer would suffice.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The markdown states that data is provided by a third-party API and shows API usage, but it does not present a clear user-facing warning that query terms will be transmitted externally. Even though surname queries are usually low sensitivity, names or compound surnames can still be personal data, and silent transmission undermines user consent and privacy expectations.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.