
Security audit

Story Short Scan

Security checks across malware telemetry and agentic risk

Overview

This skill mostly supports short-fiction market scanning, but it also automates access to a logged-in management backend by reusing a browser session token, which needs careful review before use.

Review this before installing. Use the public-data workflows only unless you are authorized to access the 黑岩 management backend and are comfortable letting the skill reuse your logged-in browser session token. Do not run the 黑岩 scraper from an account with broad administrative or business privileges unless the data collection is explicitly approved and scoped.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The skill instructs extracting authentication material from a logged-in browser session to call a backend API, which is effectively credential harvesting for delegated access. Even if intended for convenience, this bypasses normal user-mediated access controls and creates a serious risk of account abuse, overcollection, and exposure of privileged data.

Context-Inappropriate Capability

High
Confidence
95% confidence
Finding
Reusing a user's logged-in Chrome session to access complete platform data, including login-gated areas, enables the skill to act with the user's full privileges without granular consent. In this context, the danger is elevated because the skill targets non-public areas such as personal centers and management systems, which may expose private, account-bound, or administrative data unrelated to the declared task.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The script’s stated purpose is trend scanning of popular short fiction, but it actually targets an authenticated management backend and enumerates internal book-list data after requiring a logged-in admin session. That mismatch is dangerous because it disguises privileged data access as ordinary market research, increasing the likelihood of unauthorized internal data collection and misuse.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The script explicitly extracts the Admin-Token from browser cookies and reuses it as a Bearer token to call backend APIs, which is credential harvesting and replay of a privileged session. In the context of a trend-scanning skill, there is no legitimate need to capture admin authentication material, so this creates a serious risk of unauthorized access to protected business data and abuse of the operator’s account.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The instructions to reuse a logged-in session and extract a bearer token omit any warning that credentials and account-bound data may be accessed or reused. This lack of disclosure undermines informed consent and increases the chance a user unknowingly exposes privileged authentication material to automation.

Missing User Warnings

Low
Confidence
82% confidence
Finding
The skill directs use of WebFetch and browser-based collection from external platforms but does not clearly disclose that network access will occur or what external data may be fetched and stored. While less severe than token extraction, this still creates a transparency and privacy problem, especially when users may paste links or provide partial data expecting local-only analysis.

VirusTotal

63/63 vendors flagged this skill as clean.
