Calorie Tracking Service

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This calorie-tracking skill should be reviewed because it saves an API key locally and contains leftover configuration for a different Gaokao service.

Install only if you are comfortable giving this publisher a Xiaobenyang API key and sending meal/calorie data to its API. Review or fix the Gaokao/高考 configuration leftovers first, and prefer a version that uses secure secret storage or clearly documents where the key is saved and how to remove it.

SkillSpector (7)

By NVIDIA

Lp3

Medium
Category: MCP Least Privilege
Confidence: 92%
Finding
The skill documentation describes capabilities that involve reading environment variables, writing local configuration, and making network calls, but it declares no corresponding permissions or user-facing notice. This creates a transparency and consent problem: users may provide secrets without understanding that the skill can persist them locally and access the network.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 96%
Finding
The stated purpose is calorie tracking, but the documented behavior also includes persisting API credentials to local files and process environment state. That extra credential-handling behavior is security-relevant and undisclosed in the description, increasing the risk of users exposing secrets they did not expect to be stored or reused.

Description-Behavior Mismatch

High
Confidence: 98%
Finding
The configuration is clearly for a different domain ('gaokao' / 小笨羊高考) than the declared calorie-tracking skill, including mismatched environment prefix, MCP identifiers, and comments. This kind of cross-skill artifact is dangerous because it can route the skill to unintended backends and cause unrelated credential handling or data flow, which is especially suspicious in a user-facing nutrition service.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The file reads, stores, and exposes an unrelated external API credential (XBY_APIKEY) despite the skill being described as a calorie tracker. In context, this mismatch increases the risk of hidden data exfiltration paths or unauthorized use of a third-party service that users would not reasonably expect from a food logging tool.

Intent-Code Divergence

Medium
Confidence: 90%
Finding
Gaokao-specific docstrings and comments inside a calorie-tracking skill are a strong integrity signal that the component was copied from another project without proper review. While comments alone are not exploitable, here they corroborate a real configuration/domain mismatch that can mislead auditors and operators and hide unsafe behavior.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill instructs the agent to ask the user for an API key and save it locally, but it does not warn the user that their secret will be stored in local configuration. This undermines informed consent and can lead to credential leakage through local files, backups, or shared environments.

Missing User Warnings

Medium
Confidence: 93%
Finding
The code persistently writes the supplied API key into a local .env file without any warning, disclosure, or controls around file permissions. This creates a credential exposure risk because secrets remain on disk longer than necessary and may be readable by other local users, backup systems, logs, or accidental source control commits.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.
