Zsxq Fetch

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Knowledge Planet content fetcher, but it uses a live session cookie, saves private content locally by default, and includes guidance for reducing platform risk-control blocks.

Install only if you are comfortable giving the skill a live Knowledge Planet session token and allowing it to fetch and save private posts, images, and files to your local machine. Store ZSXQ_TOKEN only in a secure environment variable or secret store, consider setting download_attachments to false unless you need local copies, and avoid using it to bypass platform restrictions or access content you are not authorized to use.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger example "帮我看看知识星球最新有什么内容" is broad natural language that overlaps with common user requests about checking recent content. In agent platforms that rely on semantic matching, this can cause the skill to auto-activate in situations where the user did not explicitly intend to invoke a private-content scraping tool, increasing the chance of unnecessary access to account-linked data.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The code automatically downloads attachments and writes Markdown exports to local disk based on configuration, without an explicit consent prompt or strong safety interlocks at the point of execution. In an agent setting, this can cause unintended persistence of sensitive third-party content, local storage exhaustion, or writing regulated/private materials to unsafe locations even though the paths are partly configuration-controlled rather than attacker-controlled.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The document instructs users to extract a live browser session token (`zsxq_access_token`) from developer tools and reuse it for API access, but it does not clearly label the token as a sensitive secret or warn against exposing, logging, or sharing it. In the context of a content-fetching skill, this credential grants access to the user's account/session and could enable unauthorized access to joined groups and private content if mishandled.

Ssd 2

Medium

Confidence: 97% confidence
Finding: 该段明确描述使用接近真实 Chrome 的请求头、动态 `X-Timestamp`、`X-Request-Id`，并在触发 1059 风控时建议升级到真实浏览器上下文请求方案。这属于对平台客户端校验/风控机制的规避指导，会鼓励将自动化访问伪装为官方或真实用户流量，增加未授权抓取、封禁绕过和合规风险。

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal