Bilibili Search

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward public Bilibili lookup tool with no evidence of credential use, local file access, persistence, or account-changing behavior.

Install this if you want public Bilibili search and stats lookup. Avoid entering sensitive search terms, since queries and IDs are sent to Bilibili, and keep use moderate to avoid service-side rate limits or risk controls.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 92% confidence
Finding: The skill explicitly uses public Bilibili interfaces and therefore performs outbound network access, but the manifest does not declare any corresponding permission. This creates a permission-transparency gap: operators and users cannot accurately assess what external communication the skill performs, which weakens policy enforcement, auditing, and trust boundaries.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal