Back to skill

Security audit

LegionSpace 大群空间版本查询

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real LegionSpace version-checking skill, but it modifies the local environment and forces proxy bypass in ways users should review first.

Only install or run this skill if you are comfortable with it contacting several public app-store sites, writing a report under the skill scripts directory, installing Python/browser dependencies, and bypassing configured proxies. In corporate or managed environments, avoid it unless the proxy override is removed and dependencies are pinned or installed through a trusted setup process.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill declares no permissions, but its documented behavior clearly includes network access, environment manipulation, and writing a report file. This mismatch is dangerous because it hides the skill's actual capabilities from reviewers and runtime policy enforcement, reducing transparency and potentially allowing broader-than-expected execution.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The script globally sets NO_PROXY/no_proxy for the entire process, forcing all subsequent HTTP traffic to bypass any configured corporate, monitoring, or security proxies. For a simple version-checking skill, this is unnecessary and weakens network policy enforcement, reducing visibility and control over outbound requests.

Context-Inappropriate Capability

Low
Confidence
89% confidence
Finding
The wrapper script automatically installs Python packages and a Chromium browser runtime at execution time, which exceeds a narrowly scoped 'check app versions' action and modifies the local environment. While this appears intended to make the tool self-contained rather than malicious, silent dependency and runtime installation increases supply-chain and system-modification risk, especially if package indexes or transitive dependencies are compromised.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script installs requests, playwright, and Chromium automatically without an explicit warning that it will modify the host system and fetch code/runtime components from external sources. This is dangerous because users invoking a simple query skill may not expect package installation, browser download, or dependency resolution side effects, creating avoidable trust and supply-chain exposure.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.