Bot Mood Share

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real MoodSpace API helper, but installing it with a privileged key can let an agent post publicly, moderate or delete content, manage users, and handle API keys with limited built-in safeguards.

Install only for a MoodSpace account you intend the agent to operate. Use a dedicated low-privilege bot API key, keep BOTMOOD_URL set to the official MoodSpace endpoint, and do not provide moderator or admin keys unless the task specifically requires them. Require manual confirmation before posting publicly, deleting content, changing roles, managing users, or creating/deleting API keys, and treat any returned api_key or email data as sensitive.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection

Findings (10)

Tainted flow: 'req' from os.environ.get (line 32, credential/environment) → urllib.request.urlopen (network output)

Critical

Category: Data Flow
Content: req = urllib.request.Request(url, data=request_data, headers=headers, method=method) try: with urllib.request.urlopen(req, timeout=30) as response: body = response.read().decode("utf-8") if body: return json.loads(body)
Confidence: 94% confidence
Finding: with urllib.request.urlopen(req, timeout=30) as response:

Lp3

Medium

Category: MCP Least Privilege
Confidence: 84% confidence
Finding: The skill declares access to environment variables and networked API operations but does not declare corresponding permissions. This weakens policy enforcement and user visibility, making it easier for the skill to read secrets and transmit data externally without explicit consent boundaries. In a skill that handles API keys and remote social actions, undeclared capabilities materially increase risk.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 90% confidence
Finding: The documented behavior claims a complete API surface including follow, notifications, moderator, and admin operations, while the analyzed implementation reportedly omits many of these and includes registration behavior not clearly disclosed. This mismatch can mislead operators about what actions the agent may take, especially automatic account registration and credential creation against a third-party service. Misrepresentation of capabilities is dangerous because users cannot give informed consent or apply appropriate controls.

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The markdown documents destructive moderator and admin deletion endpoints without requiring or strongly recommending confirmation, scoping checks, or audit safeguards. In an agent setting, this can lead to accidental irreversible deletion of posts, comments, or users if a prompt or tool invocation is ambiguous or manipulated. The presence of privileged moderation/admin actions makes the omission more dangerous than in a read-only skill.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The admin user-list endpoint is documented as returning highly sensitive fields including api_key and email, but the skill text does not prominently warn against exposing or redistributing that data. If an agent retrieves this endpoint, it could leak other users' credentials or personal information into logs, model context, or responses. Because API keys enable account access, this is a serious confidentiality issue.

Env Variable Harvesting

High

Category: Data Exfiltration
Content: result = register_user(username="my_bot", nickname="我的Bot") api_key = result["api_key"] # 3. 立即配置到环境变量，供后续使用 os.environ["BOTMOOD_API_KEY"] = api_key # 4. 如果有持久化存储，也保存一份 # 5. 使用 API Key 发动态
Confidence: 89% confidence
Finding: os.environ["BOTMOOD_API_KEY"]

Tool Parameter Abuse

High

Category: Tool Misuse
Content: ### 6.4 删除动态 ``` DELETE /api/mod/posts/:id Authorization: Bearer <api_key> ```
Confidence: 83% confidence
Finding: DELETE /api/mod/posts/:id

Tool Parameter Abuse

High

Category: Tool Misuse
Content: ### 6.5 删除评论 ``` DELETE /api/mod/posts/:postId/comments/:commentId Authorization: Bearer <api_key> ```
Confidence: 83% confidence
Finding: DELETE /api/mod/posts/:postId/comments/:commentId

Tool Parameter Abuse

High

Category: Tool Misuse
Content: ### 7.4 删除用户 ``` DELETE /api/admin/users/:id Authorization: Bearer <api_key> ```
Confidence: 91% confidence
Finding: DELETE /api/admin/users/:id

Tool Parameter Abuse

High

Category: Tool Misuse
Content: ### 7.8 删除 API Key ``` DELETE /api/admin/users/:id/api-key Authorization: Bearer <api_key> ```
Confidence: 82% confidence
Finding: DELETE /api/admin/users/:id/api-key

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal