Security audit

Bilibili Keyword Account Search (B站关键词搜账号)

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Bilibili account-search helper that uses a RedFox API key and sends search terms to RedFox for the stated purpose.

Install only if you trust RedFoxHub and are comfortable sending Bilibili search keywords to redfox.hk. Use a revocable REDFOX_API_KEY, keep it in local environment configuration, and treat generic follow-up prompts like "show me more" as continuing the prior Bilibili search.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill documentation instructs users to supply an API key via an environment variable and to contact an external service, which means the skill uses env and network capabilities. If the skill does not explicitly declare those permissions, users and the host system lack clear notice that secrets and outbound requests are involved, weakening consent and review controls. In this context the behavior appears aligned with the tool's purpose, so this looks like an undeclared-capability issue rather than overtly malicious behavior.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The README explicitly says the skill can be invoked through broad natural-language descriptions with no fixed commands. That increases the chance of accidental activation during ordinary conversation, which can trigger external API calls or expose user intent unexpectedly. In this skill's context, the risk is moderate because the action is limited to account search, but it still creates unintended tool use and privacy/UX issues.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The phrase 'Show me more' is extremely generic and commonly appears in normal dialogue, making follow-up invocation highly collision-prone. If the agent interprets this as a paging command automatically, it may continue making external requests or revealing additional results without clear user intent to operate this specific skill.

Vague Triggers

Medium
Confidence
79% confidence
Finding
The description is broad enough that the skill may be invoked for generic account-search or creator-discovery requests without strong scope boundaries. That can cause unintended activation and unnecessary transmission of user queries to a third-party API, creating privacy and least-privilege concerns even if the skill's function itself is legitimate. The skill context lowers the severity because the action is limited to Bilibili account search, but the trigger conditions are still overly expansive.

Env Variable Harvesting

High
Category
Data Exfiltration
Content
def get_api_key() -> str:
    val = os.environ.get("REDFOX_API_KEY", "")
    if not val:
        print("[error] 未找到环境变量 REDFOX_API_KEY,请确认已设置 API Key", file=sys.stderr)
        sys.exit(1)
Confidence
70% confidence
Finding
os.environ.get("REDFOX_API_KEY

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.