youmind-qiita-article

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly coherent for Qiita writing and publishing, but it needs review because it can mutate or delete Qiita content, and its actual publish defaults conflict with the documented private-by-default safety posture.

Install only if you are comfortable giving this skill access to your YouMind API key, YouMind knowledge-base content, and your connected Qiita account. Before publishing, verify the generated article body, tags, images, and visibility; use private mode explicitly, and be especially careful with update, set-public, and delete commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Findings (11)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill declares executable Bash tooling with Node/npm and explicitly reads shared config files containing API credentials, yet no explicit permission model is declared for environment or network access. This creates a transparency and governance gap: users may authorize a seemingly narrow publishing skill without realizing it can access local config/secrets and make outbound requests to YouMind/Qiita-related services.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The skill markets itself as a Qiita article writer/publisher, but the referenced behavior includes significantly broader capabilities: listing/fetching/updating/deleting posts, changing visibility, searching YouMind resources, and saving materials. This mismatch undermines informed consent and increases the risk of users authorizing destructive or privacy-impacting actions they did not expect.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The CLI exposes capabilities to list, fetch, update, delete, and change visibility of existing Qiita posts, while the skill metadata emphasizes writing and publishing articles. This mismatch expands the operational scope beyond user-expected behavior, increasing the risk that an invoking agent could modify or delete existing content using the configured API key.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
This client exposes generic knowledge-base search, board enumeration, material/craft listing, and direct retrieval APIs that go beyond the stated skill purpose of writing and publishing Qiita articles. In an agent setting, that overbroad capability increases the risk of unnecessary data access and exfiltration from a user's YouMind workspace if the skill is invoked with untrusted prompts or weak authorization boundaries.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README states the skill can research online, write, and publish to Qiita automatically, but it does not prominently warn users that generated content may be inaccurate, include sensitive material from connected knowledge sources, or be published with limited review. In a skill that can take external data and perform a publish action, missing explicit consent and review warnings increases the chance of accidental disclosure or unintended publication.

Vague Triggers

Medium
Confidence
72% confidence
Finding
Broad trigger guidance can cause the skill to activate in situations beyond the user's intended scope, especially because it has networked publishing and local file-writing behavior. Overbroad invocation increases the chance of accidental data handling or publishing workflow initiation from ambiguous user requests.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The API reference exposes a destructive delete capability without instructing the agent to obtain explicit user confirmation before calling it. In an autonomous or semi-autonomous skill, this increases the risk of accidental or prompt-induced irreversible content deletion from the user's Qiita account.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The documentation states that created items are published immediately, but it does not require the skill to warn the user or default to a safer draft/private flow. This can lead to unintended public disclosure of unfinished, sensitive, or AI-generated content if an agent creates a post without an explicit publish confirmation.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The guidance explicitly instructs the agent to perform external network transfers (downloading from cdn.gooo.ai, uploading to Qiita, and then publishing) and notes account-side quota consumption, but it does not require any user confirmation or warning before those actions occur. In an agent skill, this creates a real risk of silent data transfer to third-party services and unintended use of the user's connected Qiita account, especially because the workflow is framed as a mandatory publishing step.

Session Persistence

Medium
Category
Rogue Agent
Content
## Draft Location Rule

**Canonical:** write local article Markdown files to `~/.youmind/articles/qiita/<slug>.md`. This shared home directory is available to all YouMind skills — see [`shared/YOUMIND_HOME.md`](shared/YOUMIND_HOME.md).

**Legacy fallback** (if `~/.youmind/` is not writable): `skills/youmind-qiita-article/output/<slug>.md`.
Confidence
92% confidence
Finding
write local article Markdown files to `~/.youmind/articles/qiita/<slug>.md`. This shared home directory is available to all YouMind skills — see [`shared/YOUMIND_HOME.md`](shared/YOUMIND_HOME.md).

Known Vulnerable Dependency: yaml==2.3.0, 1 advisory: CVE-2026-33532 (yaml is vulnerable to Stack Overflow via deeply nested YAML collections)

Low
Category
Supply Chain
Confidence
97% confidence
Finding
yaml==2.3.0

VirusTotal

65/65 vendors flagged this skill as clean.
