Security audit

ZeeLin Weibo Auto-Post (微博自动发布)

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Weibo auto-poster, but it can publish from your logged-in account without a required final approval step.

Review before installing. Use it only if you are comfortable letting an agent control a logged-in Weibo tab and publish public posts. Before each use, require the agent to show the exact text and wait for an explicit final approval, keep Browser Relay attached only to the intended Weibo page, and delete /tmp/weibo_snap.txt if it may contain sensitive page content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 91%
Finding:
The skill instructs the agent to invoke `exec` with a shell command and interact with a live website via Browser Relay, which clearly exercises code execution, environment/path dependence, and networked browser capabilities without declaring corresponding permissions. Undeclared powerful capabilities weaken user trust and policy enforcement because a user may invoke what appears to be a simple posting skill without visibility into its ability to run local commands and drive a browser session.

Vague Triggers

Medium
Confidence: 85%
Finding:
The trigger phrases are broad and map directly to a real-world side effect: posting content to a public social-media account. Overly generic activation language increases the chance of accidental invocation from ordinary conversation, which is especially risky because the skill can draft content and publish through the logged-in user's browser session.

Missing User Warnings

Medium
Confidence: 94%
Finding:
The skill description emphasizes convenience but does not prominently warn that it can perform an actual irreversible external action: publishing a post to the user's Weibo account. In this context, missing side-effect disclosure is dangerous because users may think the agent is only drafting content, while the skill can submit a real post through an authenticated session.

Missing User Warnings

Medium
Confidence: 95%
Finding:
The script publishes content to a public social-media account immediately after locating a post button, with no explicit user confirmation or dry-run step. Because posting is irreversible in practice and affects a user-controlled public identity, a mistaken selector match, malformed input, or unintended invocation can cause unauthorized or accidental public disclosure.

VirusTotal

66/66 vendors flagged this skill as clean.