Security audit

短剧-B站信息源

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Redfox API reporting skill that generates local Bilibili short-drama HTML reports, with some quality and hardening caveats but no evidence of malicious behavior.

Install only if you are comfortable giving this skill a Redfox API key and allowing it to call redfox.hk, create local report/cache files, and open generated HTML in your browser. Treat the subscription feature and some command examples as unreliable in this version, and prefer reviewing generated HTML reports before sharing them.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 92% confidence
Finding: The skill clearly instructs use of environment variables, network API access, and local file generation/browser-opening behavior, yet no explicit permissions declaration is present. This creates a transparency and consent problem: a user or hosting platform may not realize the skill can access secrets, write files, and make outbound requests before execution.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 95% confidence
Finding: The documented behavior overstates capabilities and omits material side effects, including reliance on a third-party API, API-key use, and automatically opening generated HTML locally. Behavior-description mismatch is dangerous because users may consent to a simple reporting skill without understanding external data disclosure, local side effects, or that some advertised features such as subscription/automation are not actually implemented.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal