Security audit

Qiniu Cloud Object Storage

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it uploads a chosen local file to Qiniu object storage and returns a public or signed download link.

Install this only if you want agents to upload selected local files to your Qiniu bucket. Use least-privilege Qiniu credentials, verify QINIU_PUBLIC_DOMAIN and QINIU_IS_PRIVATE, and avoid uploading sensitive files unless you are comfortable with them leaving the local environment and with basic path/key details appearing in local logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 95%
Finding:
The skill declares required binaries and environment variables and clearly instructs running Python scripts that upload local files to a remote object storage service, but it does not declare explicit permissions for environment access, file reads, and network egress. This creates a governance gap: the runtime capabilities are broader than what a permission model would signal, increasing the chance of silent data exfiltration or overly broad invocation in an agent environment.

Vague Triggers

Medium
Confidence: 88%
Finding:
The trigger description includes broad workflow-stage language such as entering a 'delivery phase' after content generation, not just explicit user requests to upload. In an agentic system, that can cause the skill to activate unexpectedly and upload artifacts without sufficiently specific user intent, which is risky because the action performs external data transfer.

Missing User Warnings

Medium
Confidence: 93%
Finding:
The skill is explicitly designed to upload local files using sensitive cloud credentials and return public or signed URLs, yet the documentation does not clearly warn users that local data will leave the environment and be sent to a third-party storage provider. In context, this is more dangerous because the skill can expose generated or existing local artifacts externally, including via public links, while depending on high-value credentials stored in environment variables.

VirusTotal

67/67 vendors flagged this skill as clean.