Last 30 Days—CN版

Security checks across malware telemetry and agentic risk

Overview

This skill is a China social-media research tool whose behavior is disclosed: it queries RedFox (redfox.hk) and writes JSON or HTML reports locally. The scan raises credential-handling and activation-boundary cautions but found no artifact-backed malicious behavior.

Install only if you are comfortable sending research keywords to redfox.hk and having JSON or HTML reports saved locally. Prefer passing a personal key explicitly with --api-key rather than relying on the bundled shared key, and avoid putting sensitive client names, confidential product plans, or private investigations into search terms unless that data sharing is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Context-Inappropriate Capability

Severity: Medium
Confidence: 94%

The README explicitly advertises a built-in free public API key, which means the skill likely ships with shared credentials or relies on embedded secret material. Even if the key is intended to be public, bundling credentials into a broadly distributed skill creates abuse, quota exhaustion, attribution, and possible downstream account compromise risks that are unrelated to the user-facing research function.

Intent-Code Divergence

Severity: High
Confidence: 98%

The document gives contradictory guidance: it warns not to hard-code or expose keys, while also claiming the skill includes a built-in free public key. This contradiction strongly suggests insecure credential handling practices and normalizes embedding credentials in distributable artifacts, increasing the likelihood of key leakage, misuse, and user confusion about what secrets are safe to trust.

Intent-Code Divergence

Severity: Medium
Confidence: 97%

The README explicitly states the skill includes a built-in free public API key, which strongly suggests shared embedded credentials are available to anyone using the skill. Even if intended for convenience, embedded or public keys can be abused for unauthorized usage, quota exhaustion, attribution issues, and may expose downstream data access under a shared identity.

Context-Inappropriate Capability

Severity: Medium
Confidence: 98%

The script embeds a public API key in source code and explicitly prioritizes it over user-supplied environment configuration. Hard-coded shared credentials are dangerous because they can be extracted, abused by anyone with access to the code, exhaust the shared quota, and create attribution and supply-chain risk for all users of the skill.
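The four credential findings above describe one defect: a key bundled in the source takes precedence over whatever the user supplies. The following is an added example, not the skill's own code, showing that precedence beside a hardened resolver that prefers an explicit --api-key, then the environment, and otherwise fails closed. The constant BUNDLED_PUBLIC_KEY is a placeholder, and the REDFOX_API_KEY variable name is an assumption.

```python
"""Credential resolution for a CLI research skill: the precedence the
findings criticise next to a hardened version. Added example, not the
skill's own code; the key constant and the env var name are assumptions."""

from dataclasses import dataclass
from typing import Mapping, Optional

# Placeholder standing in for a key shipped inside the skill's source.
BUNDLED_PUBLIC_KEY = "shared-public-key-PLACEHOLDER"
ENV_VAR = "REDFOX_API_KEY"  # assumed name of the user's own key variable


@dataclass(frozen=True)
class Credential:
    value: str
    source: str  # "cli", "env" or "shared": kept for attribution and audit logs


def resolve_insecure(cli_key: Optional[str], env: Mapping[str, str]) -> Credential:
    """The flawed pattern: the embedded key wins even when the user passed
    --api-key, so every install shares one identity and one quota."""
    if BUNDLED_PUBLIC_KEY:
        return Credential(BUNDLED_PUBLIC_KEY, "shared")
    return Credential(cli_key or env.get(ENV_VAR, ""), "user")


def resolve_secure(cli_key: Optional[str], env: Mapping[str, str],
                   allow_shared: bool = False) -> Credential:
    """Hardened order: explicit --api-key, then the environment, then fail.
    The shared key is used only on explicit opt-in and is tagged so the
    caller can warn that requests will be attributed to a shared identity."""
    if cli_key:
        return Credential(cli_key, "cli")
    env_key = env.get(ENV_VAR, "")
    if env_key:
        return Credential(env_key, "env")
    if allow_shared:
        return Credential(BUNDLED_PUBLIC_KEY, "shared")
    raise RuntimeError(f"no API key: pass --api-key or set {ENV_VAR}")


def redact(cred: Credential) -> str:
    """Log-safe form: never write the key itself to a report or a log line."""
    tail = cred.value[-4:] if len(cred.value) > 4 else ""
    return f"{cred.source}:****{tail}"


if __name__ == "__main__":
    env = {ENV_VAR: "env-key-PLACEHOLDER"}
    print("insecure:", redact(resolve_insecure("user-key", env)))   # shared wins
    print("secure:  ", redact(resolve_secure("user-key", env)))     # cli wins
```

The `source` tag is what makes the attribution finding actionable: a report or log line that records `shared` tells the user their traffic is indistinguishable from every other install's, while `cli` or `env` confirms their own key was used.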

Vague Triggers

Severity: Medium
Confidence: 82%

The README says users can invoke the skill with ordinary natural-language requests and provides no strong activation boundaries. That makes accidental triggering more likely during unrelated conversations, which can cause unintended web queries, API consumption, and data/report generation without clear user intent.

Vague Triggers

Severity: Medium
Confidence: 84%

The sample phrases are generic requests such as 'Research AI video tools for me' and 'Generate an HTML visualization report,' which overlap with common assistant interactions. Without explicit activation constraints, an orchestrator may route ordinary user requests into this skill unexpectedly, leading to unintended external calls and file creation.

Vague Triggers

Severity: Medium
Confidence: 73%

Describing invocation as accepting any natural-language request without explicit trigger boundaries increases the chance of over-broad activation and unintended execution in unrelated conversations. In a skill that performs external research and report generation, ambiguous triggering can cause accidental data collection, unnecessary third-party calls, or misuse based on loosely related user input.

Vague Triggers

Severity: Medium
Confidence: 91%

The skill enables implicit invocation but defines no trigger constraints, exclusions, or scope limits. That increases the chance the agent will activate this skill opportunistically in unrelated conversations, causing unintended data access, unexpected behavior, or user confusion about why a China-focused social-media research tool was invoked.

Missing User Warnings

Severity: Medium
Confidence: 95%

The skill sends the user's search keyword and API credential to an external third-party service (redfox.hk) without an explicit consent or privacy warning at the point of use. This is risky because user queries may contain sensitive business topics, client names, or investigative terms, and the external service receives both the content and authentication material for processing.
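The four Vague Triggers findings and this Missing User Warnings finding point at the same two missing controls: an explicit activation boundary and a disclosure at the point where data leaves the machine. The following is an added example, not the skill's own code, of a pre-flight gate that activates only on an explicit domain trigger, declines the README's generic sample phrases on their own, and requires confirmation after telling the user what is sent to redfox.hk and where the report is written. The trigger patterns and the report path are assumptions.

```python
"""Activation gate plus point-of-use disclosure for a research skill that
calls an external API. Added example, not the skill's own code; the
trigger regexes and output path are assumptions."""

import re
from dataclasses import dataclass

# Assumed positive triggers: the request must name the tool or the domain.
EXPLICIT_TRIGGERS = [
    re.compile(r"\bredfox\b", re.I),
    re.compile(r"\bchina\b.{0,40}\bsocial[ -]media\b", re.I),
    re.compile(r"\bchinese\b.{0,40}\b(platforms?|social[ -]media)\b", re.I),
]

# Generic assistant requests that must not route here on their own; the
# scanner quoted two phrases of this shape as sample invocations.
GENERIC_REQUESTS = [
    re.compile(r"\b(research|look up|find)\b.*\bfor me\b", re.I),
    re.compile(r"\bgenerate\b.*\b(html|json)\b.*\breport\b", re.I),
]

DESTINATION = "redfox.hk"  # the external service named in the findings


@dataclass
class Decision:
    invoke: bool
    reason: str
    disclosure: str = ""


def should_activate(request: str) -> Decision:
    """Activate only on an explicit trigger. A generic request alone is
    declined so the orchestrator asks the user instead of guessing."""
    if any(p.search(request) for p in EXPLICIT_TRIGGERS):
        return Decision(True, "explicit trigger matched")
    if any(p.search(request) for p in GENERIC_REQUESTS):
        return Decision(False, "generic request without domain context; ask the user")
    return Decision(False, "no trigger")


def disclosure_for(keyword: str, key_source: str, output_path: str) -> str:
    """Plain statement of what leaves the machine and what is written locally."""
    return (
        f"About to send the search keyword {keyword!r} and an API key "
        f"(source: {key_source}) to {DESTINATION}, and write a report to "
        f"{output_path}. Keep client names and confidential plans out of the keyword."
    )


def gate(request: str, keyword: str, key_source: str,
         output_path: str, confirmed: bool) -> Decision:
    """Full pre-flight: activation check, then explicit consent before any
    external call or file write happens."""
    d = should_activate(request)
    if not d.invoke:
        return d
    text = disclosure_for(keyword, key_source, output_path)
    if not confirmed:
        return Decision(False, "awaiting user confirmation", text)
    return Decision(True, "confirmed", text)


if __name__ == "__main__":
    for req in ("Research AI video tools for me",
                "Research AI video tools on China social media"):
        print(req, "->", should_activate(req))
    print(gate("Use RedFox to find AI video trends", "AI video tools",
               "cli", "./reports/ai-video.html", confirmed=False).disclosure)
```

The split between `should_activate` and `gate` matters: the first is cheap and runs on every turn to decide routing, while the second runs only once the skill is actually chosen, so the user sees the disclosure exactly when a keyword and a key are about to be transmitted.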

VirusTotal

65 of 65 vendors reported this skill as clean (no detections). Note that antivirus scanning covers malware signatures in the packaged files; it says nothing about the credential-handling, trigger-scope, or data-sharing issues raised in the findings above.
