Xingtu Task Invite Code

Security checks across malware telemetry and agentic risk

Overview

The skill appears to perform its stated XingTu QR-code download workflow, but it stores and reuses live login cookies in plain text and supports long-running automated browser work.

Install only if you are comfortable giving the agent access to your XingTu account session. Treat ~/.xingtuCookie.txt as a password-equivalent file, delete or rotate it when finished, avoid pasting cookies into chat unless necessary, and review/approve any background batch run and output location before execution.

Publisher note

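Fetch XingTu recruitment tasks (tasks in progress) - Invite creators - QR-code invitation. Download each task's invitation QR code to the local computer at D:\xingtu\task-invite, naming each folder after the task ID.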

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly instructs reading, validating, and persisting XingTu authentication cookies from a local file without requiring clear user consent, warning, or limiting how long those credentials are retained. Persisting reusable session material in plaintext increases the chance of credential theft, unintended reuse, or lateral abuse by other local processes or later runs.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The skill creates directories and moves downloaded files into a fixed output path, but it does not require an explicit user-facing confirmation before making filesystem changes. While the writes are part of the stated workflow, silent bulk modification of local storage can still surprise users, overwrite expected artifacts, or place sensitive content in unintended locations.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The documentation explicitly instructs storing live authentication cookies in a plaintext file at a fixed local path and reusing them as an HTTP Cookie header. Session cookies are bearer credentials, so anyone or any process that can read that file can impersonate the user account, access XingTu data, and perform authenticated actions until the cookies expire or are revoked.

Ssd 3

High
Confidence
98% confidence
Finding
This section tells the agent to extract cookie strings from the user's message, validate them against the live service, and then save them for later authenticated use. That is direct handling of bearer-style session credentials, and anyone who obtains the stored cookie can impersonate the user on XingTu until the session expires or is revoked.

Ssd 3

High
Confidence
99% confidence
Finding
The skill instructs extracting cookies from the authenticated browser session via `document.cookie` and writing them to a local file for reuse. This converts an interactive login session into a reusable plaintext credential artifact, materially expanding the attack surface beyond the browser's own session protections.

VirusTotal

64/64 vendors flagged this skill as clean.
