Security audit

Setup Agent

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local Ziniao browser-control skill, but it requires careful handling of a ZClaw API key.

Install only if you trust the local Ziniao/ZClaw bridge and are comfortable granting it browser-control authority. Prefer a dedicated, revocable API key, avoid pasting secrets into shared chats, keep ~/.zclaw/config.json private, and rotate the key if it appears in logs or transcripts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Severity: Low
Confidence: 95%
Finding:
The instructions explicitly tell the agent to display the full API key back to the user in the final success message. Secrets echoed into chat transcripts, logs, screenshots, or agent memory can be exposed long after setup, increasing the chance of credential leakage and reuse.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding:
The skill encourages persisting a long-lived API key in shell startup files without discussing the security tradeoffs. Shell rc files are commonly copied, backed up, inspected, or inherited by other tooling, so storing plaintext credentials there can expose the key to local compromise or accidental disclosure.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.