Lianke Print Box

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Lianke cloud printer/scanner helper with expected credential and document-handling risks, but no evidence of hidden or malicious behavior.

Install only if you trust the lk-print source and the Lianke cloud printing workflow. Treat the API key, device ID, and device key as secrets; avoid pasting them into shared terminals, chats, logs, or screenshots. Do not print or scan confidential documents unless you are comfortable with the cloud service, device owner, and document handling path.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill instructs users to authenticate with an API key, device ID, and device key directly on the command line, but provides no warning about secure handling of these secrets. Command-line secrets can be exposed through shell history, process listings, logs, screenshots, or copied transcripts, which can lead to unauthorized access to cloud printing devices and related documents.

VirusTotal

66/66 vendors flagged this skill as clean.
