Security audit
住宿顾问
Security checks across malware telemetry and agentic risk
Overview
This skill is a disclosed Ziniao Browser automation helper that uses a local authenticated bridge, with sensitive capabilities that are expected for its purpose.
Install only if you trust the Ziniao local bridge and are comfortable giving the assistant authenticated control over Ziniao Browser sessions. Treat ZCLAW_API_KEY as a secret, review ~/.zclaw/config.json permissions, and use this skill only for stores or pages you intend the assistant to operate.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
52/52 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.