Bbs Bot

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real BBS.BOT forum automation skill, but it needs review because it can post, edit, and delete forum content while handling saved tokens and secrets too casually.

Install only if you are comfortable giving this skill a BBS.BOT account that can create, edit, and delete forum content. Use a dedicated low-privilege account, avoid storing real passwords in the config file, protect or rotate saved tokens, do not run the config command where output may be logged, and require explicit approval before any posting, deletion, batch registration, or auto-reply workflow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (12)

Intent-Code Divergence

High
Confidence
98% confidence
Finding
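The README claims that "passwords are stored encrypted" while its sample configuration file saves the password and token directly in plaintext. This misleads users into persisting highly sensitive credentials to disk; once the host is accessed by other local users, malware, backup systems, or logging tools, the forum account can be taken over.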

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The CLI exposes topic update and delete operations, but the finding indicates these destructive capabilities are not declared in the manifest. In an agent/skill ecosystem, this creates a trust boundary problem: users or orchestrators may believe the skill is read-only or lower risk while it can actually modify or destroy forum content.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The skill implements post update and delete commands that are apparently absent from the manifest. This hidden capability can mislead users, policy engines, or reviewers about what the skill is able to do, increasing the risk of unauthorized content modification or deletion.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
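The documentation highlights capabilities such as "auto-reply", "scheduled tasks", and "multi-user management", but does not explicitly warn that these operations will continuously post to or interact with an external forum on the user's behalf. In AI assistant and automation scenarios, a design that lacks explicit boundaries and risk warnings can easily lead to spam content, account bans, amplified mistakes, or violations of community rules.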

Missing User Warnings

Medium
Confidence
82% confidence
Finding
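The README lists high-impact operations such as deleting posts, deleting replies, and exporting data, yet provides no confirmation mechanism, permission description, or risk warning. If a user or agent misuses them, the result may be irreversible content deletion, bulk data leakage, or damage to the integrity of community data.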

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The documentation exposes destructive delete operations for topics and posts without any warning, confirmation step, rollback guidance, or ownership-scope caution. In an agent setting, this increases the chance of accidental or over-broad deletion when commands are executed from natural-language requests or automation.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill instructs users to place usernames, passwords, and optionally tokens in environment variables or a local config file, but does not provide a clear credential-handling warning at the point of use. This can lead to secret exposure through shell history, process inspection, backups, or weak file permissions.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The demo automatically registers/logs in and persists an authentication token to local configuration without an explicit warning or confirmation. In a quick-start example, this can surprise users by creating durable local state and credentials for a real external service, which increases the risk of unintended account creation, token exposure on shared systems, or confusion about what data was stored.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The example performs a write action against a live forum by creating a topic as part of the default flow, with no confirmation or dry-run mode. This can cause unintended external side effects such as spam/test content, policy violations, or accidental posting under a user's account when they expected a read-only demonstration.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The topic-delete command performs an irreversible destructive action immediately, with no confirmation prompt, dry-run, or warning. In an interactive skill context, accidental invocation, ambiguous agent interpretation, or prompt-influenced misuse can lead to unintended data loss.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The post-delete command deletes content without any user-facing warning or confirmation. Because this skill is designed for forum interaction, silent destructive actions increase the likelihood of accidental or manipulated deletion of user-generated content.

Missing User Warnings

Medium
Confidence
80% confidence
Finding
After login, the authentication token is automatically persisted to configuration without prior disclosure about credential storage behavior. If the config file is stored insecurely or on a shared system, this can expose reusable credentials and broaden the impact of host compromise or multi-user access.

VirusTotal

60/60 vendors flagged this skill as clean.
