中国农历黄历吉凶查询

Security checks across malware telemetry and agentic risk

Overview

This is a Chinese lunar calendar lookup skill that uses a disclosed API token to call its stated calendar service, with no clear evidence of hidden data access or destructive behavior.

Install only if you trust the publisher and the nongli.skill.4glz.com service. Use a dedicated HUANGLI_TOKEN, avoid reusing sensitive passwords as tokens, and be cautious if changing HUANGLI_BASE because that controls where authenticated requests are sent.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (4)

Tainted flow: 'req' from os.environ.get (line 45, credential/environment) → urllib.request.urlopen (network output)

Critical

Category: Data Flow
Content: data = json.dumps(payload).encode("utf-8") headers["Content-Type"] = "application/json" req = urllib.request.Request(url, method=method, data=data, headers=headers) with urllib.request.urlopen(req) as resp: return json.loads(resp.read())
Confidence: 90% confidence
Finding: with urllib.request.urlopen(req) as resp:

Lp3

Medium

Category: MCP Least Privilege
Confidence: 70% confidence
Finding: Without declared permissions the skill's intent is opaque and cannot be validated.

Natural-Language Policy Violations

Medium

Confidence: 87% confidence
Finding: The manifest description and the activation guidance are written as Chinese-only usage and trigger phrases, with examples centered on Chinese-language queries and no statement that other languages are supported or that Chinese is required by design. Under the policy, forcing a specific language without user opt-in is a natural-language locale violation unless the constraint is explicitly justified.

Env Variable Harvesting

High

Category: Data Exfiltration
Content: def env(): base = os.environ.get("HUANGLI_BASE", BASE_DEFAULT).rstrip("/") token = os.environ.get("HUANGLI_TOKEN", "") if not token: raise SystemExit(f"Error: HUANGLI_TOKEN is not set. Get token at: https://nongli.skill.4glz.com/dashboard") return base, token
Confidence: 70% confidence
Finding: os.environ.get("HUANGLI_TOKEN

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal