B站推送附件

Security checks across malware telemetry and agentic risk

Overview

This skill appears to fetch Bilibili trending videos as advertised, with no evidence of credential access, persistence, private data use, or destructive behavior.

Before installing, be comfortable with the skill running local Python and making a request to Bilibili's public API when invoked. Ensure Python and the requests dependency come from a trusted environment.

SkillSpector

By NVIDIA

Vulnerability Patterns

Behavioral ASTexec() Call, eval() Call, Dynamic Import
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 94% confidence
Finding: The skill declares direct tool dispatch to a native tool (`bili_fetch_tool`) in raw argument mode and appears to perform network retrieval, but it does not declare permissions. That creates a transparency and policy-enforcement gap: callers and the platform may not have an accurate view of the skill's effective capabilities, which can enable unintended outbound requests or weaken security review.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill invokes a local Python script via a subprocess but does not disclose that behavior to the user, creating an execution boundary the user may not expect. Even though the command uses a fixed script path and does not interpolate user input, hidden subprocess execution increases risk because the Python script can perform network access, file access, or other side effects outside the visible JavaScript logic.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal