1688 爆款操盘手

Security checks across malware telemetry and agentic risk

Overview

This 1688 sourcing skill is mostly coherent, but it can silently reuse a 1688 session cookie if one is present in the agent environment.

Review before installing if your agent environment may contain ALI_COOKIE. Do not set ALI_COOKIE unless you intentionally want the skill to make 1688 requests as your logged-in account; prefer the documented ALI_APP_KEY/ALI_APP_SECRET path or a dedicated low-privilege account for authenticated use.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Context-Inappropriate Capability

Medium

Confidence: 95% confidence
Finding: The code reads a potentially sensitive Alibaba session cookie from the ALI_COOKIE environment variable and automatically attaches it to all requests made by the shared session. This creates an undisclosed credential-use path: anyone running the skill with that environment variable set may silently send authenticated requests to 1688, increasing the risk of account misuse, accidental session replay, or scraping under a user's identity.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: This code silently consumes ALI_COOKIE from the environment and forwards it in outbound HTTP requests without any warning, disclosure, or consent flow. In an agent/skill setting, hidden use of ambient credentials is dangerous because operators may not realize the tool can act as an authenticated user, exposing account data or performing requests that are attributable to that user.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal