Back to skill

Security audit

Weiyun Skills

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Weiyun cloud-drive management skill with expected file, sharing, deletion, and upload capabilities, but users should handle tokens and destructive actions carefully.

Install only if you intend to let the agent manage your Weiyun files. Use environment variables or mcporter config instead of passing tokens on the command line, confirm exact file paths before uploads, use passwords for share links, and require explicit confirmation before delete or permanent-delete actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill documents a bulk delete capability, including permanent deletion, without recommending explicit user confirmation, dry-run behavior, or clear warnings about irreversible effects. In an agent context, this increases the risk of accidental or prompt-induced destructive actions against user cloud storage.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The share-link tool exposes files or folders externally, yet the documentation lacks a prominent privacy/security warning about accidental public disclosure, password use, scope of exposure, and link handling. In an agent workflow, a user could be induced to generate a share link without understanding that sensitive cloud content may become accessible outside the account.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The usage examples encourage users to pass the MCP token directly on the command line, which can expose credentials through shell history, process listings, CI logs, and terminal recordings. This is especially risky because the token is a live authentication secret used to authorize file operations against the cloud service.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.secret_argv_exposure

Instructions pass high-value credentials through process argv.

Critical
Code
suspicious.secret_argv_exposure
Location
references/upload_protocol.md:145

Instructions pass high-value credentials through process argv.

Critical
Code
suspicious.secret_argv_exposure
Location
SKILL.md:404