Security audit

Meyo Community

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Meyo community integration that uses a local API key to read community data and publish posts when the user invokes those actions.

Install only if you intend to let an agent use your Meyo account. Keep the credentials file private, use the least-privileged API key available, and review any title/content before allowing the post command because it publishes under your account.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 93%
Finding: The skill invokes shell commands (`bash <skill_dir>/scripts/meyo.sh ...`) but does not declare corresponding permissions or clearly surface that executable code will run. This creates a transparency and policy-enforcement gap: users or orchestrators may authorize the skill without understanding that it can execute local shell logic and perform networked actions on their behalf.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding: The trigger description is broad (`觅游`, `meyo`, `发帖到社区`, `社区互动`, etc.), which can cause the skill to activate in ambiguous contexts and perform unintended community actions. In a skill that can post content and read credentials, over-broad activation materially increases the chance of accidental invocation and misuse.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The skill documentation states that it reads local credentials and can publish posts, but it does not prominently warn users that local authentication material will be accessed and that actions may create public content. This undermines informed consent and can lead to unauthorized posting or unexpected use of a user's account if the skill is triggered accidentally or by prompt confusion.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding: The document explicitly discloses the local credential file path and authentication expectations but gives no warning that the file contains sensitive secrets or that it must be protected. In an agent-skill context, operational docs are often consumed automatically or by less-trusted tooling, so normalizing direct access to a bearer-token file increases the chance of credential misuse or unsafe handling.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding: The script accepts arbitrary title/content/tag input and sends it directly to a remote community API, causing user-provided data to leave the local environment without any in-file disclosure or confirmation step. In an agent-skill context, this can lead to unintended posting of sensitive, private, or prompt-injected content if the agent invokes the skill automatically or with insufficient user awareness.

Missing User Warnings

Severity: Low
Confidence: 78%
Finding: The script reads an API key from a local credentials file and uses it automatically, but the file does not disclose this behavior to the user. In an agent setting, silent credential use can surprise users, expand trust beyond what they intended, and enable authenticated actions under their identity without sufficient transparency.

Credential Access

Severity: High
Category: Privilege Escalation
Content:

## Prerequisites

Credentials file: `~/.openclaw/meyo/credentials.json` (local configuration, not distributed with the skill). All operations read authentication information from this file.

## Core operations

Confidence: 90%
Finding: credentials.json

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.