Back to skill

Security audit

Qq Zone Photo

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed QQ Zone photo-management skill, but it handles powerful QQ session cookies and can change or copy account photos.

Install only if you are comfortable giving the skill access to your QQ Zone photo session. Keep cookies.json private, avoid synced or shared folders, delete it if exposed, verify album IDs and output paths before bulk downloads, and confirm uploads or album creation before running them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill requires shell execution, network access, and local file read/write to handle QQ cookies and photo uploads/downloads, but these capabilities are not declared in the skill metadata. This creates a permission-transparency gap: an agent or user may invoke a skill that can exfiltrate credentials, overwrite local files, or make remote requests without explicit policy review or consent boundaries.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The activation condition is broad enough to match general photo-management requests, which can cause the agent to select this skill in situations where the user did not specifically intend QQ空间 operations. In context, this is more dangerous because the skill handles powerful authenticated actions against a personal account and can read/write local files as part of uploads and backups.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The examples encourage uploading photos, creating albums, and downloading all albums without prominent warnings about remote data modification, credential use, or potentially large local writes. That omission increases the risk of the agent performing destructive or privacy-sensitive actions without clear user understanding, especially for bulk backup operations that may fill disk or expose sensitive personal media.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script persists QQ authentication material including p_skey, skey, and uin to a plaintext JSON file on disk. If that file is read by another local user, malware, backup system, or accidentally committed/shared, an attacker may be able to reuse the session to access and act on the victim's QQ Zone account.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.