Back to skill

Security audit

xianyu-search

Security checks across malware telemetry and agentic risk

Overview

This skill mostly generates second-hand shopping links, but it needs review because it frames enterprise MDM-managed devices as bypassable purchase options.

Review carefully before installing. The code appears limited to parsing shopping requests and generating links, with no evidence of credential theft, persistence, or destructive behavior. The main issue is the advice content: avoid enterprise/MDM-locked or already-bypassed devices, and do not use this skill as proof that a listing is legitimate, safe, or legally transferable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The changelog presents contradictory trust signals: it claims the skill does not perform network scraping or external reporting, then later advertises browser automation to scrape real-time listings. In security-sensitive agent ecosystems, this kind of inconsistency can mislead reviewers and users about the skill’s actual capabilities and data exposure, increasing the risk of unauthorized browsing, scraping, or policy violations.

Natural-Language Policy Violations

High
Confidence
98% confidence
Finding
Referencing enterprise MDM devices as something that 'needs bypass' introduces guidance that can facilitate circumvention of organizational security controls. Even in a resale-assistance context, normalizing or hinting at bypass behavior can support unauthorized access to managed devices and expose buyers or operators to legal, ethical, and security harm.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The natural-language trigger examples are broad and underspecified, which can cause the skill to activate on ambiguous user messages that merely mention second-hand shopping, products, or budgets. In an agent setting, overly permissive triggering can lead to unintended tool invocation, unnecessary external requests, and actions taken on user input that did not clearly request marketplace searching.

Natural-Language Policy Violations

High
Confidence
91% confidence
Finding
The generated output labels enterprise/MDM-managed devices as something that 'needs bypass,' which normalizes or encourages circumvention of device management controls. Even though the code does not perform a bypass itself, it can guide users toward acquiring restricted devices and attempting unauthorized evasion of administrative protections, creating legal, compliance, and downstream security risks.

Ssd 4

Medium
Confidence
94% confidence
Finding
The workflow treats detection of MDM-locked devices and the notion of bypass as a routine part of 'pitfall detection,' which can desensitize users to the seriousness of security-control circumvention. In context, this makes the skill more dangerous because it embeds questionable behavior into ordinary purchase recommendations rather than explicitly warning against it.

Ssd 2

Medium
Confidence
93% confidence
Finding
The example output presents “企业 MDM 已绕过” as a positive selling point, which normalizes and implicitly endorses circumvention of enterprise device management controls. Even though the skill does not itself perform bypassing, framing such a state as desirable can facilitate acquisition or promotion of non-compliant, stolen, or improperly de-managed devices.

Ssd 2

Low
Confidence
77% confidence
Finding
“ID 已退” is presented as a favorable attribute, but it refers to account/device binding status in a way that can be associated with lock evasion, unauthorized account removal, or resale of questionably sourced hardware. In a second-hand device recommendation context, that language can steer users toward suspicious listings instead of encouraging legitimate ownership verification.

Ssd 2

Medium
Confidence
90% confidence
Finding
The warning text says enterprise MDM devices “需要绕过,” which introduces the idea of bypassing management controls as an available path rather than rejecting such items outright. In context, this lowers the perceived severity of control circumvention and may enable users to pursue unauthorized access to managed devices.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.