知乎热榜 - UAPIPRO
Security checks across malware telemetry and agentic risk
Overview
This skill appears to fetch Zhihu trending topics from a disclosed UAPIPRO endpoint using the user's API key.
Install only if you are comfortable providing a UAPIPRO_API_KEY to requests sent to uapis.cn. The skill does not appear to persist data or modify local files, but the API provider will receive the key and request metadata when the script is used.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.