Security audit

Zhubajie.com (ZBJ) Official Skill

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real ZBJ business integration, but it gives an agent direct authority over high-impact marketplace actions with unclear provenance and limited safeguards.

Install only if you trust the publisher and are comfortable letting the agent perform ZBJ marketplace actions. Use a least-privilege API key if available, review every state-changing request before it is sent, and prefer a version that clearly discloses third-party status and updates/pins axios.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Severity: Medium
Confidence: 80%
Finding:
The document presents the skill as an 'official' ZBJ integration/skill, but later disclaims that it is not an official client. This identity inconsistency can mislead users into trusting the skill with sensitive API keys and business actions they might not authorize for a third-party integration.

Missing User Warnings

Severity: Medium
Confidence: 83%
Finding:
This bridge exposes destructive business actions such as closing demands, pausing demands, eliminating sellers, selecting winners, and closing orders as direct callable operations without any confirmation, dry-run, or secondary authorization in this layer. In an agent context, a mistaken tool invocation or prompt-injected action could immediately change marketplace state and cause financial or operational harm.

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content (excerpt):
  "author": "ZBJ",
  "license": "MIT",
  "dependencies": {
    "axios": "^1.7.7"
  }
}
Confidence: 89%
Finding:
"axios": "^1.7.7"

Known Vulnerable Dependency

axios==1.7.7 is affected by 10 advisories: CVE-2025-62718 (Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF); CVE-2026-42044 (Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget in `pars); CVE-2026-25639 (Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig); +7 more

Severity: High
Category: Supply Chain
Confidence: 98%
Finding:
axios==1.7.7

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

Detected: suspicious.env_credential_access

Environment variable access combined with network send.

Severity: Critical
Code: suspicious.env_credential_access
Location: bridge.js:11