Back to skill

Security audit

LegionSpace 大群空间版本查询

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do the version lookup it advertises, but it also automatically changes the local environment and bypasses proxy settings during normal use.

Review before installing, especially on managed or enterprise machines. The skill's lookup behavior is coherent, but users should be comfortable with automatic pip/Playwright/Chromium installation and with the script bypassing configured proxies for its outbound requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill invokes scripts that perform network access, environment manipulation, and file writes, but it does not declare these capabilities as permissions. This creates a transparency and governance gap: users or hosting systems cannot accurately assess or constrain what the skill will do before execution, increasing the risk of unintended data access, uncontrolled outbound connections, or unexpected filesystem changes.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The script forcibly disables proxy usage process-wide by setting NO_PROXY/no_proxy to '*', which can bypass enterprise monitoring, egress controls, or security tooling that relies on proxies. For a simple version-checking skill, this capability is unnecessary and increases risk because all subsequent HTTP/browser traffic from the process may avoid expected network controls.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The script exceeds its stated purpose of checking app-store versions by automatically installing Python packages and a Chromium browser at runtime. This introduces software-management and code-fetching behavior from external package sources, which expands the attack surface and can lead to unreviewed code execution or unexpected system modification, especially in constrained or enterprise environments.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script installs requests, playwright, and Chromium without explicit warning or user consent. Even if intended for convenience, silent environment changes and network retrieval of executable components are risky because they can surprise users, violate least-privilege expectations, and create opportunities for supply-chain compromise if upstream packages are tampered with.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.