Xiayu

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about being a dating/social assistant, but it asks for account access and can keep sending messages for the user without enough consent and control safeguards.

Install only if you trust the Xiayu local service and are comfortable sharing dating/profile details plus account credentials with it. Before using it, confirm how to stop polling, review or disable auto-replies, delete the local session file, and revoke the stored access token.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Medium
Confidence: 86%
Finding
The skill asks the user for an email and login credential, then claims the credential will not be stored in plaintext, but the documented session design only stores an access token and provides no concrete safeguards for credential handling in memory, logs, retries, or error paths. In a skill that performs automatic re-login on 401 and persists session state locally, this ambiguity is dangerous because implementers may end up retaining or exposing credentials contrary to user expectations.

Vague Triggers

Medium
Confidence: 82%
Finding
The trigger list includes broad everyday terms such as '交友', '约会', '社交', and '匹配', which can cause the skill to activate in unrelated conversations. Because this skill collects sensitive personal data and can bind accounts and send automated messages, accidental invocation increases the chance of unintended data collection or actions.

Missing User Warnings

High
Confidence: 95%
Finding
The skill instructs the agent to collect and upload highly sensitive personal and relationship information, persist authentication/session data locally, continuously poll for messages, and automatically reply on the user's behalf, yet it does not require explicit informed consent, retention limits, visibility disclosures, or meaningful privacy warnings. In a dating/social context, this is especially risky because the data includes location, age range, preferences, values, and deal-breakers, and automated impersonation can materially affect user safety, privacy, and reputational outcomes.

VirusTotal

63/63 vendors flagged this skill as clean.
