Back to skill

Security audit

Jielong CLI

Security checks across malware telemetry and agentic risk

Overview

The skill’s activity-management purpose is coherent, but it gives the agent broad account, install, login, and mutation authority with weak user control and unnecessary exposure of account identifiers.

Install only if you are comfortable with an agent running a globally installed npm CLI, checking and displaying Jielong account details, opening a browser login QR flow, and performing activity changes or deletions. Prefer using it with explicit confirmation for login and destructive actions, and avoid sharing sessions where phone numbers, OpenID, activity IDs, or signup records may appear.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The skill instructs the agent to run `npm install -g jielong-cli@latest` before handling requests, which performs a global software install/update on the user's machine without necessity, consent, or version pinning. This expands the attack surface to the npm supply chain and enables unexpected system modification as a routine pre-step.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The skill directs the agent to autonomously execute `jielong login`, open a browser, and initiate an authentication flow on the user's behalf without prior confirmation. Triggering browser-based login automatically can surprise the user, interfere with their session, and normalize unsafe delegation of authentication actions to the agent.

Intent-Code Divergence

Medium
Confidence
83% confidence
Finding
The skill contains conflicting instructions around who should perform login, which increases the chance of unsafe or inconsistent authentication handling by the agent. Ambiguity in security-sensitive flows can lead to accidental autonomous login attempts or improper user guidance.

Description-Behavior Mismatch

Low
Confidence
87% confidence
Finding
The skill instructs the agent not to reveal created activity identifiers and keys while retaining them internally for later operations. Hiding operational identifiers reduces user visibility and control, making later destructive or sensitive actions harder to audit or verify.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger phrases are broad and overlap with common conversation, increasing the likelihood that the skill activates when the user did not intend to invoke administrative activity-management actions. In a skill capable of deletion, modification, login checks, and browser launching, overbroad triggering materially raises the risk of unintended execution.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill mandates automatic login-state checks and displaying account details including nickname, phone number, and OpenID without an upfront privacy warning or consent step. Even if shown back to the same user, unnecessary disclosure of sensitive identifiers increases privacy risk and normalizes overexposure of account data.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill does not warn users up front that it may automatically open a browser and start a login flow on their machine. Unexpected UI launches and authentication prompts are security-relevant side effects that require explicit disclosure and consent.

Ssd 3

High
Confidence
99% confidence
Finding
The skill explicitly instructs the agent to display the full `whoami` output, including phone number and OpenID. These are account-identifying details that are not necessary to complete most tasks and could be exposed in logs, transcripts, or to the wrong viewer if the session context is shared or compromised.

Ssd 3

Medium
Confidence
90% confidence
Finding
The skill tells the AI to keep activity identifiers and keys hidden while remembering them for later use. Retaining opaque identifiers outside the user's view weakens transparency and can enable later actions that the user cannot independently verify, especially in a stateful assistant environment.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.