QAnon帖子分析服务

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill appears to provide QAnon post lookup tools, but leftover Gaokao/school-service references and local API-key persistence create review-worthy uncertainty before installation.

Review this skill carefully before installing. Only provide an API key you are comfortable storing locally in a .env file and sending to the XiaoBenYang MCP API, and consider waiting for the publisher to remove the Gaokao/school leftovers, clarify the exact service and credential handling, and avoid raw response display by default.

SkillSpector (11)

By NVIDIA

Description-Behavior Mismatch

High

Confidence: 98% confidence
Finding: The skill content materially deviates from QAnon post analysis into gaokao/school-query behavior, indicating either copied instructions or a misrepresented integration. In a security context, this kind of intent drift is risky because it obscures the true external service, undermines user consent, and may route queries or secrets to an unintended backend.

Intent-Code Divergence

High

Confidence: 97% confidence
Finding: The workflow example explicitly shows a school-search API call even though the declared tools are for QAnon post retrieval and analysis. This contradiction can mislead the model into invoking the wrong functions or interacting with unintended resources, increasing the chance of data leakage, wrong-service access, or abuse of a more generic API capability.

Intent-Code Divergence

Medium

Confidence: 90% confidence
Finding: The project structure identifies the package as a gaokao skill, conflicting with the advertised QAnon analysis purpose. This is not just cosmetic: it signals that the deployed codebase may be reused from another project, making it harder to verify what network endpoints, data models, and credential paths are actually in use.

Description-Behavior Mismatch

High

Confidence: 97% confidence
Finding: The configuration is clearly mismatched with the declared QAnon analysis skill: it uses an unrelated XBY/Gaokao service prefix, endpoint, and credential fields. This is dangerous because it suggests code reuse from another project and may cause the skill to access or request unrelated credentials, creating a supply-chain style trust problem and increasing the chance of accidental credential exposure or unauthorized service access.

Description-Behavior Mismatch

Medium

Confidence: 90% confidence
Finding: The skill persists API credentials locally even though the described functionality is dataset search, filtering, and analysis. Storing secrets to disk expands the skill's capabilities beyond its apparent scope and creates a local credential exposure risk if the .env file is read by other processes, committed to version control, or included in logs/backups.

Intent-Code Divergence

High

Confidence: 95% confidence
Finding: The docstrings and comments describe an unrelated Gaokao skill rather than the declared QAnon post analysis service. In security review, this kind of identity mismatch is a serious integrity warning because it indicates the shipped code may not be the code users think they are installing, undermining informed consent and masking unrelated network or credential behavior.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill asks the model to solicit an API key from the user and persist it, but provides no warning about where the credential is stored, how long it persists, who can access it, or whether it will be sent to third parties. This weakens informed consent and increases the risk of credential mishandling, especially in a skill whose stated purpose already conflicts with its apparent implementation.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The instruction to display raw API data directly to the user skips any filtering or review for sensitive, unexpected, or malicious content. If the backend returns secrets, internal metadata, prompt-injection text, or personally sensitive records, the skill would expose them verbatim.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The code writes API keys to a local .env file without any user-facing disclosure, consent flow, or warning. This is dangerous because users may reasonably expect a research/search skill not to persist secrets to disk, and silent persistence increases the chance of unintended disclosure through filesystem access, backups, or source control.

Ssd 3

Medium

Confidence: 95% confidence
Finding: The document creates a natural-language pathway for collecting a user secret and then storing it locally via `set_api_key`. That pattern is dangerous because it normalizes secret solicitation by the model and persistence to disk, increasing exposure to prompt abuse, accidental disclosure, and compromise of the local environment.

Ssd 3

Medium

Confidence: 93% confidence
Finding: Directly presenting the raw API response to the user creates an unreviewed data-exposure channel. Because the actual backend appears inconsistent with the declared purpose, this becomes more dangerous: users cannot reliably know what service generated the data or whether the response contains sensitive fields, unsafe text, or data from an unintended domain.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal