百度热榜监控 | Baidu Hot Monitor

Security checks across malware telemetry and agentic risk

Overview

This appears to be a purpose-aligned Baidu hot-topics monitoring skill that fetches public trend data and saves local history, but users should be aware it creates persistent local files.

Install only if you want a skill that fetches Baidu hot-topic data and keeps local history. Use it in a workspace where local SQLite databases, logs, and HTML reports are acceptable, and review or delete the data directory when you no longer need the retained monitoring history.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration

Findings (4)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 88% confidence
Finding: The skill advertises only a trending-topics monitor, but the documentation clearly indicates shell execution, network retrieval, and local file/database writes without any declared permissions or trust boundary explanation. This can mislead users and hosting platforms about the skill's actual capabilities, increasing the risk of unexpected persistence or external access when the skill is invoked.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 93% confidence
Finding: The documented behavior extends beyond simple retrieval of Baidu hot topics into persistent collection, historical querying, logging, and HTML report generation. This is a meaningful expansion of functionality that changes the privacy and security profile of the skill, because users may invoke it expecting ephemeral lookup while it actually creates durable local datasets and reports.

Vague Triggers

Medium

Confidence: 81% confidence
Finding: The trigger list includes very broad terms such as '百度', '热搜', and 'baidu', which are common in ordinary conversation and can cause unintended activation. In this skill's context, accidental invocation is more concerning because the documentation also describes network fetches and persistent local storage, so a casual mention could trigger actions with side effects.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The documentation explicitly describes collecting hot-topic data, saving it into a SQLite database, and generating local HTML output, but it does not provide a clear warning that invoking these features creates persistent artifacts on disk. Lack of clear disclosure can lead to unintentional retention of research activity, monitored keywords, or usage history, which is especially problematic on shared systems or managed agent environments.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal