Back to skill

Security audit

bangumi-tracker

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Bangumi account tracker, but users should understand that it stores OAuth tokens locally and can change their Bangumi collection when commands are run.

Install only if you are comfortable giving this script OAuth access to your Bangumi account. Review IDs carefully before running mutating commands like uncollect, collect-character uncollect, collect-person uncollect, or watch/unwatched, and protect or remove ~/.bangumi/token.json on non-Windows systems when you no longer need it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill documentation describes capabilities that read and write local files and perform network-based OAuth/API actions, but it does not declare permissions accordingly. This weakens consent and review boundaries because users and host systems may not realize the skill will store credentials locally and contact external services.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The documented uncollect command performs a destructive account-data change, but the skill text gives no warning that it removes items from the user's Bangumi collection and does not mention confirmation safeguards. This increases the chance of accidental or socially induced data loss when users or agents invoke the command.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The watch commands change episode status on the user's Bangumi account, but the documentation does not clearly warn that these commands write remote account data. Without a warning or confirmation pattern, users may trigger unintended progress changes that affect their public or personal tracking history.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
On non-Windows systems, OAuth tokens are stored in ~/.bangumi/token.json in plaintext, and the config file may also persist sensitive OAuth material depending on platform assumptions. Any local user, backup process, malware, or accidental file sharing that can read these files could reuse the tokens to access or modify the user's Bangumi account.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.