Keyapi Pinterest Analysis

Security checks across malware telemetry and agentic risk

Overview

This Pinterest analysis skill appears user-directed, but its included runner is broader than advertised and can save credentials and API results locally.

Install only if you are comfortable with a generic KeyAPI MCP runner, not just a locked-down Pinterest helper. Use commands with --platform pinterest, avoid untrusted KEYAPI_SERVER_URL values, protect or delete the .env file, and clear .keyapi-cache when the Pinterest results should not remain on disk.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Tp4

High
Category
MCP Tool Poisoning
Confidence
91% confidence
Finding
The static finding indicates the underlying runner supports generic remote MCP tool invocation across platforms, while this skill is presented as Pinterest-specific. That mismatch is dangerous because users and downstream agents may grant trust, credentials, or execution latitude based on the narrower stated scope, while the actual implementation could enumerate schemas and invoke unrelated remote tools.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The runner is advertised for a Pinterest-analysis skill, but it accepts an arbitrary --platform value and constructs the server URL dynamically. That expands the skill's effective capability beyond its declared scope, which can violate least-privilege expectations and allow use against unrelated data domains if a user or downstream agent assumes Pinterest-only behavior.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The script can call any MCP tool name supplied via --tool and even enumerate schemas/tools from the remote server, rather than limiting execution to Pinterest user/pin/board/follower analysis operations. In a skill context, this is dangerous because it creates hidden capability expansion and may expose unintended actions or data access through the same authenticated token.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill repeatedly instructs users to persist full API responses and social-graph data under a local cache directory without discussing data sensitivity, retention, access controls, or redaction. Even if the source data is from Pinterest, cached profile metadata, follower/following graphs, and possibly API error payloads can create an unnecessary local privacy and data-handling risk, especially on shared systems or in agent workspaces.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
When KEYAPI_TOKEN is missing, the script interactively collects it and writes it to a local .env file automatically, without explicit consent at the moment of persistence or file-permission hardening. Persisting credentials in plaintext can expose them to other local users, accidental commits, backups, or workspace leakage, especially in shared or automated environments.

Unrestricted Tool Access

Medium
Category
Excessive Agency
Content
Execute tool calls and persist responses to the local cache to avoid redundant API calls.

**Calling a tool:**

```bash
# Single call with pretty output
```
Confidence
90% confidence
Finding
tool:*

Credential Access

High
Category
Privilege Escalation
Content
reject(new Error("No token entered. Set KEYAPI_TOKEN and try again."));
        return;
      }
      const envPath = join(ROOT, ".env");
      writeFileSync(envPath, `KEYAPI_TOKEN=${token}\n`, "utf8");
      log(`[token] Saved to ${envPath} — future runs will load it automatically`);
      process.env.KEYAPI_TOKEN = token;
Confidence
96% confidence
Finding
.env"

VirusTotal

63/63 vendors flagged this skill as clean.
