Security audit

YesApi 果创云 low-code platform

Security checks across malware telemetry and agentic risk

Overview

This skill matches its YesApi data-management purpose, but it can make live authenticated changes and deletions without clear confirmation or dry-run safeguards.

Install only if you intend to let the agent act on a YesApi account with the configured credentials. Use test or least-privileged credentials, verify the YESAPI_DOMAIN, avoid production data until delete and batch operations require explicit confirmation or dry-run previews, and do not run test_yesapi.py against production credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (11)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
This script performs authenticated create, update, and delete operations against a live remote API, including batch update/delete and model deletion capabilities, with no guardrails such as confirmation prompts, environment gating, sandbox enforcement, or dry-run defaults. In an agent-skill context with unknown deployment targets, this can unintentionally alter or destroy production data if valid credentials are present.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README explicitly advertises delete and batch-delete capabilities but provides no warning about destructive effects, confirmation requirements, or safe usage expectations. In an agent skill context, natural-language commands can trigger dangerous actions more easily, so lack of documented safeguards increases the chance of accidental or unauthorized data deletion.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The README instructs users to store sensitive values such as YESAPI_APP_KEY and YESAPI_SIGN in a .env file but does not warn against committing secrets, exposing logs, or sharing configuration files. While environment variables are a normal mechanism, missing handling guidance can lead to credential leakage through source control, screenshots, or debugging output.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly exposes delete and batch-delete capabilities but does not warn users that these operations are destructive and may permanently remove records. In a user-invocable skill that manages remote data, lack of a clear confirmation or irreversible-action warning increases the risk of accidental mass data loss.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The skill requires sensitive credentials and sends requests to an external API, but it does not clearly warn users that data entered into the skill and the configured secrets will be used for outbound network operations. This omission can cause users to expose sensitive business data or misunderstand the trust boundary of the integration.

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.28.0
pydantic>=1.10.0
python-dotenv>=0.19.0
Confidence
96% confidence
Finding
requests>=2.28.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.28.0
pydantic>=1.10.0
python-dotenv>=0.19.0
Confidence
96% confidence
Finding
pydantic>=1.10.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.28.0
pydantic>=1.10.0
python-dotenv>=0.19.0
Confidence
95% confidence
Finding
python-dotenv>=0.19.0

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
94% confidence
Finding
requests

Known Vulnerable Dependency: pydantic — 3 advisory(ies): CVE-2021-29510 (Use of "infinity" as an input to datetime and date fields causes infinite loop i); CVE-2024-3772 (Pydantic regular expression denial of service); CVE-2021-29510 (Pydantic is a data validation and settings management using Python type hinting.)

High
Category
Supply Chain
Confidence
90% confidence
Finding
pydantic

Known Vulnerable Dependency: python-dotenv — 1 advisory(ies): CVE-2026-28684 (python-dotenv: Symlink following in set_key allows arbitrary file overwrite via )

Low
Category
Supply Chain
Confidence
65% confidence
Finding
python-dotenv

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.