
Security audit

Baidu Image Classify

Security checks across malware telemetry and agentic risk

Overview

This Baidu image-recognition skill does what its description says, but it ships with a hardcoded Baidu API key and handles credentials in a way the documentation does not explain; review both before installing.

Before installing, remove the embedded API key, supply your own Baidu credentials through a secrets manager or environment variables rather than the source, and do not submit private or regulated images unless you accept that they are sent to Baidu for processing. The skill shows no malware-like behaviour; the credential handling is what needs review.

SkillSpector

By NVIDIA
Vulnerability Patterns (categories the scanner checks)
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Severity: Medium
Confidence: 91%
Finding
The skill documentation describes image input more narrowly than the implementation, which accepts remote URLs and fetches them server-side with requests.get(). The mismatch can hide SSRF-like behaviour (a fetch to any address reachable from where the skill runs), unexpected outbound network access, and privacy exposure: a user or downstream agent may assume only local files are processed when the code can retrieve arbitrary remote content.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The skill sends image data to Baidu's remote API for classification, but the description does not warn users that uploaded or fetched images leave the local environment. This is a real privacy and compliance risk, especially for sensitive images, internal documents, or URLs whose content is fetched and retransmitted without the user's explicit awareness.

VirusTotal

67/67 vendors flagged this skill as clean.


Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Severity: Critical
Code: suspicious.exposed_secret_literal
Location: SKILL.md:41
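
The same check, reduced to something you can run over a skill's files before installing it, as an added example (not the scanner that produced the finding above and not the skill's own code). It looks for assignments to credential-like names whose value is a long, high-entropy literal, and skips obvious placeholders so that a README telling users to fill in their own key is not reported. `scan_text`, `scan_file` and `Finding` are names introduced here; the SKILL.md-style sample and every key value in it are constructed for the example and are not taken from the audited skill.

```python
"""Pre-install scan for hardcoded secret literals in a skill's files.

Added example for this audit page, not the scanner the page reports.
The sample document and all key values below are constructed.
"""
import math
import re
from collections import Counter
from pathlib import Path
from typing import NamedTuple

# An assignment (=, :) to a credential-like name, with a quoted or bare value
# drawn from the character set real keys use. Markdown, YAML, .env and
# Python-style lines all match.
SECRET_ASSIGNMENT = re.compile(
    r"\b(?P<name>\w*?(?:api[_-]?key|secret|token|access[_-]?key|password)\w*)"
    r"\s*[:=]\s*['\"]?(?P<value>[A-Za-z0-9+/=_\-]{16,})['\"]?",
    re.IGNORECASE,
)
# Values that are clearly instructions to the user, not a leaked credential.
PLACEHOLDER = re.compile(r"your|example|changeme|placeholder|xxxx|replace|insert|<", re.IGNORECASE)
ENTROPY_THRESHOLD = 3.5   # bits per character; random 24- to 32-char keys sit well above this


class Finding(NamedTuple):
    file: str
    line_no: int
    name: str
    redacted: str


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for an empty or constant string)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def scan_text(text: str, filename: str) -> list[Finding]:
    """Return one Finding per line that assigns a high-entropy literal to a secret-like name."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for m in SECRET_ASSIGNMENT.finditer(line):
            value = m.group("value")
            if PLACEHOLDER.search(value):
                continue                      # "YOUR_API_KEY_HERE" and friends
            if shannon_entropy(value) < ENTROPY_THRESHOLD:
                continue                      # prose-like strings, not key material
            redacted = f"{value[:4]}...({len(value)} chars)"   # never echo the full value
            findings.append(Finding(filename, line_no, m.group("name"), redacted))
    return findings


def scan_file(path: str) -> list[Finding]:
    """Scan one file from disk, e.g. scan_file('SKILL.md')."""
    p = Path(path)
    return scan_text(p.read_text(encoding="utf-8", errors="replace"), str(p))


# Constructed SKILL.md-style sample. The key values are invented for this example.
SAMPLE_SKILL_MD = """\
# Baidu Image Classify

Set up the client (constructed example, not the real skill file):

    API_KEY = "Qw8xL2nV7bK0pT4sY9mR3cJ6"
    SECRET_KEY = os.environ["BAIDU_SECRET_KEY"]
    access_token = "YOUR_ACCESS_TOKEN_HERE"
    BAIDU_SECRET_KEY=a3f9c1d2e4b6789012345678abcdef90
"""


if __name__ == "__main__":
    for f in scan_text(SAMPLE_SKILL_MD, "SKILL.md"):
        print(f"{f.file}:{f.line_no}: {f.name} = {f.redacted}")
```

Of the four credential lines in the sample, only the two literal keys are reported; the environment lookup and the placeholder pass. The entropy cut is a heuristic, so treat a hit as something to read, not proof: a short or low-entropy real key would slip through, and the fix for a confirmed hit is the one the overview gives, remove the literal and load the value from the environment or a secrets manager.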