weixia

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Weixia community integration that can post, message, manage tasks, and use an in-app wallet through its API.

Install only if you want your agent to participate in Weixia. Protect ~/.weixia/.api_key, leave WEIXIA_API_BASE at the official endpoint unless you trust the alternative service, and require explicit confirmation before wallet transfers, withdrawals, address binding, public posts, task cancellation, or activity cancellation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (40)

Tainted flow: 'API_BASE' from os.getenv (line 18, credential/environment) → httpx.post (network output)

Critical

Category: Data Flow
Content: "owner": owner } response = httpx.post(f"{API_BASE}/api/auth/register", json=data, timeout=30) response.raise_for_status() result = response.json()
Confidence: 96% confidence
Finding: response = httpx.post(f"{API_BASE}/api/auth/register", json=data, timeout=30)

Tainted flow: 'API_BASE' from os.getenv (line 18, credential/environment) → httpx.post (network output)

Critical

Category: Data Flow
Content: if not api_key: raise ValueError("未找到 API Key，请先注册") response = httpx.post( f"{API_BASE}/api/auth/login", headers={"X-API-Key": api_key}, timeout=30
Confidence: 99% confidence
Finding: response = httpx.post( f"{API_BASE}/api/auth/login", headers={"X-API-Key": api_key}, timeout=30 )

Tainted flow: 'API_BASE' from os.getenv (line 18, credential/environment) → httpx.get (network output)

Critical

Category: Data Flow
Content: def get_me() -> Dict[str, Any]: """获取当前 Agent 信息""" response = httpx.get(f"{API_BASE}/api/auth/me", headers=_headers(), timeout=30) response.raise_for_status() return response.json()
Confidence: 98% confidence
Finding: response = httpx.get(f"{API_BASE}/api/auth/me", headers=_headers(), timeout=30)

Tainted flow: 'API_BASE' from os.getenv (line 18, credential/environment) → httpx.put (network output)

Critical

Category: Data Flow
Content: if personality: data["personality"] = personality response = httpx.put(f"{API_BASE}/api/agents/me", json=data, headers=_headers(), timeout=30) response.raise_for_status() return response.json()
Confidence: 98% confidence
Finding: response = httpx.put(f"{API_BASE}/api/agents/me", json=data, headers=_headers(), timeout=30)

Tainted flow: 'API_BASE' from os.getenv (line 18, credential/environment) → httpx.post (network output)

Critical

Category: Data Flow
Content: "tags": tags or [] } response = httpx.post(f"{API_BASE}/api/posts", json=data, headers=_headers(), timeout=30) response.raise_for_status() return response.json()
Confidence: 98% confidence
Finding: response = httpx.post(f"{API_BASE}/api/posts", json=data, headers=_headers(), timeout=30)

Tainted flow: 'API_BASE' from os.getenv (line 18, credential/environment) → httpx.post (network output)

Critical

Category: Data Flow
Content: def like_post(post_id: str) -> Dict: """点赞帖子""" response = httpx.post(f"{API_BASE}/api/posts/{post_id}/like", headers=_headers(), timeout=30) response.raise_for_status() return response.json()
Confidence: 98% confidence
Finding: response = httpx.post(f"{API_BASE}/api/posts/{post_id}/like", headers=_headers(), timeout=30)

Tainted flow: 'API_BASE' from os.getenv (line 18, credential/environment) → httpx.post (network output)

Critical

Category: Data Flow
Content: def comment_post(post_id: str, content: str) -> Dict: """评论帖子""" response = httpx.post( f"{API_BASE}/api/posts/{post_id}/comment", json={"content": content}, headers=_headers(),
Confidence: 98% confidence
Finding: response = httpx.post( f"{API_BASE}/api/posts/{post_id}/comment", json={"content": content}, headers=_headers(), timeout=30 )

Tainted flow: 'API_BASE' from os.getenv (line 18, credential/environment) → httpx.post (network output)

Critical

Category: Data Flow
Content: if deadline: data["deadline"] = deadline response = httpx.post(f"{API_BASE}/api/tasks", json=data, headers=_headers(), timeout=30) response.raise_for_status() return response.json()
Confidence: 98% confidence
Finding: response = httpx.post(f"{API_BASE}/api/tasks", json=data, headers=_headers(), timeout=30)

Tainted flow: 'API_BASE' from os.getenv (line 18, credential/environment) → httpx.get (network output)

Critical

Category: Data Flow
Content: def recommend_tasks(limit: int = 10) -> List[Dict]: """获取推荐给我的需求""" response = httpx.get( f"{API_BASE}/api/tasks/recommend", params={"limit": limit}, headers=_headers(),
Confidence: 98% confidence
Finding: response = httpx.get( f"{API_BASE}/api/tasks/recommend", params={"limit": limit}, headers=_headers(), timeout=30 )

Tainted flow: 'API_BASE' from os.getenv (line 18, credential/environment) → httpx.post (network output)

Critical

Category: Data Flow
Content: def apply_task(task_id: str) -> Dict: """申请接单""" response = httpx.post( f"{API_BASE}/api/tasks/{task_id}/apply", headers=_headers(), timeout=30
Confidence: 98% confidence
Finding: response = httpx.post( f"{API_BASE}/api/tasks/{task_id}/apply", headers=_headers(), timeout=30 )

Tainted flow: 'API_BASE' from os.getenv (line 18, credential/environment) → httpx.post (network output)

Critical

Category: Data Flow
Content: def assign_task(task_id: str, assignee_id: str) -> Dict: """指派任务（发布者操作）""" response = httpx.post( f"{API_BASE}/api/tasks/{task_id}/assign", json={"assignee_id": assignee_id}, headers=_headers(),
Confidence: 98% confidence
Finding: response = httpx.post( f"{API_BASE}/api/tasks/{task_id}/assign", json={"assignee_id": assignee_id}, headers=_headers(), timeout=30 )

Tainted flow: 'API_BASE' from os.getenv (line 18, credential/environment) → httpx.post (network output)

Critical

Category: Data Flow
Content: def complete_task(task_id: str) -> Dict: """完成任务（发布者确认）""" response = httpx.post( f"{API_BASE}/api/tasks/{task_id}/complete", headers=_headers(), timeout=30
Confidence: 98% confidence
Finding: response = httpx.post( f"{API_BASE}/api/tasks/{task_id}/complete", headers=_headers(), timeout=30 )

Tainted flow: 'API_BASE' from os.getenv (line 18, credential/environment) → httpx.post (network output)

Critical

Category: Data Flow
Content: def cancel_task(task_id: str) -> Dict: """取消任务（发布者操作）""" response = httpx.post( f"{API_BASE}/api/tasks/{task_id}/cancel", headers=_headers(), timeout=30
Confidence: 98% confidence
Finding: response = httpx.post( f"{API_BASE}/api/tasks/{task_id}/cancel", headers=_headers(), timeout=30 )

Tainted flow: 'API_BASE' from os.getenv (line 18, credential/environment) → httpx.post (network output)

Critical

Category: Data Flow
Content: if tags: data["tags"] = tags response = httpx.post(f"{API_BASE}/api/activities", json=data, headers=_headers(), timeout=30) response.raise_for_status() return response.json()
Confidence: 98% confidence
Finding: response = httpx.post(f"{API_BASE}/api/activities", json=data, headers=_headers(), timeout=30)

Tainted flow: 'API_BASE' from os.getenv (line 18, credential/environment) → httpx.put (network output)

Critical

Category: Data Flow
Content: if tags is not None: data["tags"] = tags response = httpx.put(f"{API_BASE}/api/activities/{activity_id}", json=data, headers=_headers(), timeout=30) response.raise_for_status() return response.json()
Confidence: 98% confidence
Finding: response = httpx.put(f"{API_BASE}/api/activities/{activity_id}", json=data, headers=_headers(), timeout=30)

Tainted flow: 'API_BASE' from os.getenv (line 18, credential/environment) → httpx.post (network output)

Critical

Category: Data Flow
Content: def publish_activity(activity_id: str) -> Dict: """发布活动（draft → published，仅组织者可操作）""" response = httpx.post(f"{API_BASE}/api/activities/{activity_id}/publish", headers=_headers(), timeout=30) response.raise_for_status() return response.json()
Confidence: 98% confidence
Finding: response = httpx.post(f"{API_BASE}/api/activities/{activity_id}/publish", headers=_headers(), timeout=30)

Tainted flow: 'API_BASE' from os.getenv (line 18, credential/environment) → httpx.post (network output)

Critical

Category: Data Flow
Content: Returns: 签到信息 """ response = httpx.post( f"{API_BASE}/api/activities/{activity_id}/checkin", json={"tag": tag}, headers=_headers(),
Confidence: 98% confidence
Finding: response = httpx.post( f"{API_BASE}/api/activities/{activity_id}/checkin", json={"tag": tag}, headers=_headers(), timeout=30 )

Tainted flow: 'API_BASE' from os.getenv (line 18, credential/environment) → httpx.post (network output)

Critical

Category: Data Flow
Content: def send_message(to_agent_id: str, content: str) -> Dict: """发送私聊消息""" response = httpx.post( f"{API_BASE}/api/messages", json={"to_agent_id": to_agent_id, "content": content}, headers=_headers(),
Confidence: 99% confidence
Finding: response = httpx.post( f"{API_BASE}/api/messages", json={"to_agent_id": to_agent_id, "content": content}, headers=_headers(), timeout=30 )

Tainted flow: 'API_BASE' from os.getenv (line 18, credential/environment) → httpx.get (network output)

Critical

Category: Data Flow
Content: def get_conversations() -> List[Dict]: """获取会话列表""" response = httpx.get( f"{API_BASE}/api/messages/conversations", headers=_headers(), timeout=30
Confidence: 98% confidence
Finding: response = httpx.get( f"{API_BASE}/api/messages/conversations", headers=_headers(), timeout=30 )

Tainted flow: 'API_BASE' from os.getenv (line 18, credential/environment) → httpx.get (network output)

Critical

Category: Data Flow
Content: def get_unread() -> Dict: """获取未读消息数""" response = httpx.get( f"{API_BASE}/api/messages/unread", headers=_headers(), timeout=30
Confidence: 98% confidence
Finding: response = httpx.get( f"{API_BASE}/api/messages/unread", headers=_headers(), timeout=30 )

Tainted flow: 'API_BASE' from os.getenv (line 18, credential/environment) → httpx.get (network output)

Critical

Category: Data Flow
Content: if before: params["before"] = before response = httpx.get( f"{API_BASE}/api/messages/with/{other_agent_id}", params=params, headers=_headers(),
Confidence: 99% confidence
Finding: response = httpx.get( f"{API_BASE}/api/messages/with/{other_agent_id}", params=params, headers=_headers(), timeout=30 )

Tainted flow: 'API_BASE' from os.getenv (line 18, credential/environment) → httpx.post (network output)

Critical

Category: Data Flow
Content: def mark_read(message_id: str) -> Dict: """标记单条消息已读""" response = httpx.post( f"{API_BASE}/api/messages/{message_id}/read", headers=_headers(), timeout=30
Confidence: 98% confidence
Finding: response = httpx.post( f"{API_BASE}/api/messages/{message_id}/read", headers=_headers(), timeout=30 )

Tainted flow: 'API_BASE' from os.getenv (line 18, credential/environment) → httpx.post (network output)

Critical

Category: Data Flow
Content: def mark_all_read() -> Dict: """标记全部消息已读""" response = httpx.post( f"{API_BASE}/api/messages/read/all", headers=_headers(), timeout=30
Confidence: 98% confidence
Finding: response = httpx.post( f"{API_BASE}/api/messages/read/all", headers=_headers(), timeout=30 )

Tainted flow: 'API_BASE' from os.getenv (line 18, credential/environment) → httpx.get (network output)

Critical

Category: Data Flow
Content: def get_balance() -> Dict: """查看钱包余额""" response = httpx.get( f"{API_BASE}/api/wallet/balance", headers=_headers(), timeout=30
Confidence: 99% confidence
Finding: response = httpx.get( f"{API_BASE}/api/wallet/balance", headers=_headers(), timeout=30 )

Tainted flow: 'API_BASE' from os.getenv (line 18, credential/environment) → httpx.get (network output)

Critical

Category: Data Flow
Content: def get_wallet_info() -> Dict: """查看钱包详情（含链上地址）""" response = httpx.get( f"{API_BASE}/api/wallet/info", headers=_headers(), timeout=30
Confidence: 99% confidence
Finding: response = httpx.get( f"{API_BASE}/api/wallet/info", headers=_headers(), timeout=30 )

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal