Security audit

WeChat Official Accounts Keyword Search API

Security checks across malware telemetry and agentic risk

Overview

This is a narrow JustOneAPI search helper, but its API token handling deserves care because the token is passed on the command line and sent in the request URL.

Install only if you are comfortable sending your search keywords and JustOneAPI token to api.justoneapi.com. Prefer a dedicated or least-privileged token, avoid use on shared or heavily logged systems, and rotate the token if command history, process listings, logs, or request URLs may have exposed it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (3)

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The skill defines the API token as a query parameter and later appends all query parameters directly into the URL before issuing the request. Tokens in URLs are commonly exposed via logs, browser/history equivalents, proxy infrastructure, monitoring systems, and error reports, making credential leakage more likely than if the token were sent in an Authorization header.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill requires an API access token to be sent as a query parameter, but the manifest provides no user-facing warning that a secret will be transmitted to a third-party endpoint. Query parameters are also more likely to be logged by intermediaries, clients, and servers, increasing the chance of credential exposure.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: Passing an access token in a URL query parameter is risky because query strings are commonly logged by servers, proxies, analytics tools, browser history, and monitoring systems. In a skill context, this increases the chance of credential leakage through telemetry or intermediary infrastructure, which could enable unauthorized API access if the token is exposed.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.secret_argv_exposure

Instructions pass high-value credentials through process argv.

Critical

Code: suspicious.secret_argv_exposure
Location: SKILL.md:46