Back to skill

Security audit

星座配对 - 即刻数据

Security checks across malware telemetry and agentic risk

Overview

This skill is a narrow zodiac compatibility lookup that clearly uses a Jike API key and sends the two zodiac signs to Jike's API, with no evidence of hidden persistence or unrelated data access.

Install only if you are comfortable sending the two zodiac signs and a Jike API key to Jike's API. Use a dedicated, revocable key, avoid passing the key on shared command lines via --key, and leave JIKE_API_BASE_URL unset unless you intentionally need a trusted alternate endpoint.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Tainted flow: 'url' from os.environ.get (line 139, credential/environment) → urllib.request.urlopen (network output)

Critical
Category
Data Flow
Content
"""
    url = f"{API_BASE_URL}{API_PATH}?{urllib.parse.urlencode({**params, 'appkey': appkey})}"
    try:
        with urllib.request.urlopen(url, timeout=15) as response:
            return json.loads(response.read().decode("utf-8"))
    except urllib.error.HTTPError as exc:
        return {"code": exc.code, "message": f"接口请求失败: HTTP {exc.code}", "data": ""}
Confidence
92% confidence
Finding
with urllib.request.urlopen(url, timeout=15) as response:

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill declares runtime requirements for environment variables, file access to the script, and outbound network use, but the finding indicates these capabilities are not explicitly declared as permissions. Undeclared capabilities reduce transparency and can lead an agent host to execute code with broader access than reviewers or users expect, especially because the skill invokes a Python script that reads API keys from the environment and contacts an external service.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The AppKey is appended as a query parameter, which exposes it in URLs that may be logged by clients, proxies, load balancers, shell history, or monitoring systems. Even over HTTPS, query strings often persist in operational logs, increasing the chance of credential leakage.

External Transmission

Medium
Category
Data Exfiltration
Content
直接调用 API:

```text
GET https://api.jikeapi.cn/v1/zodiac_pairing?boy_zodiac=双鱼座&girl_zodiac=天蝎座&appkey=YOUR_APPKEY
```

## AI 使用步骤
Confidence
80% confidence
Finding
https://api.jikeapi.cn/

External Transmission

Medium
Category
Data Exfiltration
Content
"title": "星座配对 - 即刻数据",
  "description": "星座配对。输入男生星座和女生星座,查询配对指数、比例、同情指数、天长地久指数、结果评述和恋爱建议。",
  "env": "JIKE_ZODIAC_PAIRING_QUERY_KEY",
  "api_url": "https://api.jikeapi.cn/v1/zodiac_pairing",
  "homepage": "https://www.jikeapi.cn/"
}
Confidence
83% confidence
Finding
https://api.jikeapi.cn/

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.