Back to skill

Security audit

Keyapi Tiktok Influencer Discovery

Security checks across malware telemetry and agentic risk

Overview

The skill does what it claims, but it automatically stores a KeyAPI bearer token in a local plaintext .env file and caches retrieved research data by default.

Install only if you are comfortable with a local CLI that uses a KeyAPI bearer token and stores API results on disk. Prefer setting KEYAPI_TOKEN in your shell instead of entering it at the prompt, check that any .env file is private and not committed, keep KEYAPI_SERVER_URL at the default unless you trust the alternative server, and use --no-cache or clear .keyapi-cache for sensitive research.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Low
Confidence
83% confidence
Finding
The code interactively collects a bearer token and persists it in plaintext to a local .env file without warning or permission controls. This creates credential exposure risk if the project directory is shared, committed, or readable by other local users/processes.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill directs persistent storage of retrieved influencer data under .keyapi-cache/ without any user-facing notice, retention limits, or controls over what data is written to disk. This creates unnecessary privacy and data-governance risk because potentially sensitive profile, follower, region, and analytics data may remain locally accessible long after the session ends.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
Persisting the authentication token to .env without explicit consent or storage warnings can leak credentials through source control, backups, logs, or multi-user filesystem access. Because the token is then reused automatically, compromise of that file can enable unauthorized API use under the victim's account.

Credential Access

High
Category
Privilege Escalation
Content
// ── MCP client ────────────────────────────────────────────────────────────────

/** Prompt for KEYAPI_TOKEN interactively and persist it to .env */
async function promptToken() {
  if (!process.stdin.isTTY) {
    throw new Error(
Confidence
85% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
reject(new Error("No token entered. Set KEYAPI_TOKEN and try again."));
        return;
      }
      const envPath = join(ROOT, ".env");
      writeFileSync(envPath, `KEYAPI_TOKEN=${token}\n`, "utf8");
      log(`[token] Saved to ${envPath} — future runs will load it automatically`);
      process.env.KEYAPI_TOKEN = token;
Confidence
95% confidence
Finding
.env"

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.