
Security audit

B站评论分析 (Bilibili comment analysis)

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Bilibili comment-analysis tool that uses a disclosed RedFox API key, fetches public comment data, and writes optional local HTML reports, with some privacy and report-handling cautions.

Install only if you are comfortable sending a Bilibili BV ID and your RedFox API key to redfox.hk. Review generated HTML before sharing it, because reports can include commenter names, profile links, timestamps, IP regions, and AI-generated summary HTML saved locally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Output Handling: Unvalidated Output Injection, Cross-Context Output, Unbounded Output
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (11)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill advertises and relies on environment access, file read/write, and network behavior but does not declare any permissions or user-facing constraints. This weakens informed consent and capability scoping, making it easier for the skill to access local credentials, write shareable artifacts, and exfiltrate data through remote API calls without clear visibility to the user.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The README says users can invoke the skill with arbitrary natural language and '无需记忆固定命令' ("no need to memorize fixed commands"), which creates weak activation boundaries. In an agent environment, broad matching can cause accidental invocation from unrelated conversation context, leading to unintended API calls, stateful follow-up behavior, or disclosure of fetched comment data when the user did not explicitly intend to run the tool.

Vague Triggers

Medium
Confidence
95% confidence
Finding
Triggers like '下一页' ("next page") and '第3页' ("page 3") are extremely generic and likely to appear in ordinary conversation unrelated to this skill. If the agent maintains session state, these phrases could unintentionally continue a prior comment-analysis workflow and retrieve more external data without a deliberate user request.

Vague Triggers

Medium
Confidence
89% confidence
Finding
Report-generation triggers such as '需要' ("need") or '生成HTML' ("generate HTML") are too vague to safely control creation of output artifacts. These phrases can occur in many benign conversations, so the skill may generate HTML reports unexpectedly, potentially embedding fetched comment content into a persistent file without clear user intent or review.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The README emphasizes fetching, displaying, analyzing, and exporting user comments, including nicknames, profile links, timestamps, and IP-region fields, but does not clearly warn users about privacy implications or downstream handling of personal data. This increases the risk of over-collection, inappropriate sharing, or retention of third-party user data through reports and copied outputs.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrases are broad enough to match ordinary conversation about comments or analysis, which can cause the skill to activate when the user did not intend to invoke it. Because the skill performs network retrieval and may generate local files, accidental activation increases the chance of unintended data access, third-party requests, or report generation.

Vague Triggers

Medium
Confidence
88% confidence
Finding
Allowing unrestricted natural-language activation without scope constraints makes it ambiguous when the skill should run and what actions it is allowed to take. In context, this is more dangerous because the workflow includes external API access and HTML file generation, so casual phrases could trigger side effects beyond simple chat responses.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill retrieves and displays comment metadata including IP location and supports saving/sharing an HTML report, but the description does not clearly warn users about these privacy-sensitive behaviors. This creates a risk of over-collection, redistribution, or mishandling of personal or quasi-personal information, especially when reports are shared offline or externally.

Missing User Warnings

Low
Confidence
80% confidence
Finding
The authentication guidance tells users to store an API key in local configuration or environment variables without emphasizing that the key is sensitive and should be protected. While this is common practice, omitting security guidance increases the risk of accidental exposure through shared shell history, screenshots, backups, or overly permissive file permissions.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The workflow instructs the agent to create local JSON files and then automatically open a generated HTML report, but it does not require explicit user consent or a safety warning before these side effects occur. Opening locally generated HTML can trigger active browser behavior (scripts, external resource loads, tracking requests) and file creation in user directories may surprise users or expose them to unwanted persistence or sensitive-data residue.

Unbounded Output

Medium
Category
Output Handling
Content
### Highlights

- **Bilibili meme culture understanding**: Recognizes awsl / yyds / xswl / 爷青回 ("my youth is back") / 下次一定 ("next time for sure") and other barrage slang in their real context
- **Complete data display**: Work details (views / likes / coins / favorites / danmaku, etc.) and full comment table — no truncation
- **Encoding-safe backfill**: Intelligent encoding ensures Chinese analysis content is injected into reports without corruption

---
Confidence
89% confidence
Finding
no truncation

VirusTotal

65/65 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.