Back to skill

Security audit

Tianapi Barcode - 商品条形码查询

Security checks across malware telemetry and agentic risk

Overview

The skill does the advertised barcode lookup, but it handles the user’s TianAPI key in ways that can expose the credential and the helper script is malformed.

Review before installing. Use only a low-privilege TianAPI key, avoid passing it on the command line, do not share command output that may contain the key, and do not store scripts/.env in a shared or committed workspace. The publisher should fix the script syntax, align the documented environment variable with the code, and redact API keys from displayed URLs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
80% confidence
Finding
The skill documentation indicates use of environment variables, local files (.env), and outbound network access, but no explicit permissions model is declared beyond metadata requirements. This creates a transparency and governance gap: users and platforms may not clearly understand that the skill reads secrets and transmits data externally to a third-party API.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The documentation tells users to pass the API key directly on the command line, which can expose credentials through shell history, process listings, logs, and telemetry. Even if convenient, this is an unsafe secret-handling pattern that increases the likelihood of accidental key disclosure.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
The script appends the API key to the image URL and prints that full URL to the user. This exposes a live credential in terminal logs, shell history, screenshots, copied output, or downstream tooling, which can enable unauthorized API use until the key is rotated or the signed URL expires.

Credential Access

High
Category
Privilege Escalation
Content
# 方式一:环境变量(推荐,一次配置永久生效)
    export TIANAPI_BARCODE_KEY=你的APIKey

    # 方式二:.env 文件(在脚本目录创建)
    echo "TIANAPI_BARCODE_KEY=你的APIKey" > scripts/.env

    # 方式三:每次命令行传入
Confidence
71% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
export TIANAPI_BARCODE_KEY=你的APIKey

    # 方式二:.env 文件(在脚本目录创建)
    echo "TIANAPI_BARCODE_KEY=你的APIKey" > scripts/.env

    # 方式三:每次命令行传入
    python3 scripts/fetch_barcode.py --key 你的APIKey --barcode 6976586902578
Confidence
74% confidence
Finding
.env

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.