Back to skill

Security audit

AIDSO 虾搜 GEO内容生产

Security checks across malware telemetry and agentic risk

Overview

This is a coherent AIDSO content-generation skill, but it uses a sensitive API key, stores it locally if bound, and sends requests to AIDSO's API.

Install only if you intend to use AIDSO's remote API for this workflow. Prefer setting AIDSO_GEO_API_KEY in your environment instead of binding it into .env, avoid submitting confidential customer or business secrets in brand/issue prompts, and confirm the 6-point generation charge only when you mean to spend it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill explicitly instructs execution of Python scripts that read environment variables, write a local .env file, and call external APIs, yet it declares no permissions. This creates a capability/permission mismatch that can bypass user and platform expectations about what the skill can access, especially because it handles API keys and performs network operations.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script transmits the API key to a remote service in both the x-api-key header and the JSON body, but the CLI help does not clearly warn the user that binding performs a network call and sends the credential to a third party. In a skill context, users may assume a local configuration action, so the lack of explicit notice increases the risk of inadvertent credential disclosure.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script stores the API key in a local .env file without warning the user that a plaintext credential will be written to disk in the skill directory. This can expose the secret to other local users, backups, repository commits, or accidental disclosure if the directory is shared.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.