Back to skill

Security audit

Maxhub Bilibili

Security checks across malware telemetry and agentic risk

Overview

This appears to be a disclosed Bilibili lookup tool, with the main caution that queries, API keys, and any optional VIP cookie are sent to MaxHub.

Install only if you are comfortable using MaxHub as a third-party processor for Bilibili lookups. Use a separate/low-risk Bilibili cookie for VIP playback, never provide a primary account session cookie, and require clarification or confirmation when a request could match multiple recipes or ask for high-resolution member-only playback.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (14)

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The file explicitly claims that broad single-word triggers were removed, but the recipe table still contains short and ambiguous triggers such as “分P”, “大会员”, “收藏夹”, and “热门搜索”. That mismatch can cause the agent to over-trust the safety note and auto-invoke recipes, including higher-risk playback flows, on underspecified user requests.

Vague Triggers

Medium
Confidence
94% confidence
Finding
Several triggers in this range are broad enough to match common conversational requests rather than a clearly scoped intent, which can lead to unintended recipe selection. Because the orchestration layer uses longest-match and automatic chaining, accidental activation can propagate into additional calls the user did not clearly authorize.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The triggers around these lines remain ambiguous in activation scope, especially for general discovery or entertainment phrasing like recommendations or live viewing. An agent could interpret a casual request as authorization to query profiles, rooms, or other linked data views without sufficient user intent confirmation.

Vague Triggers

Medium
Confidence
96% confidence
Finding
The chaining guidance tells the agent to continue to downstream recipes using output fields directly and to avoid asking the user for repeated input. Without an explicit re-confirmation boundary, this can expand a narrow request into multi-step data access, including transitions toward more sensitive capabilities such as authenticated playback or broader user profiling.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger phrases for the recipe are broad and underspecified, which can cause the agent to invoke this workflow for loosely related requests such as general discussion of live-stream categories or streamers. In an agent setting, ambiguous routing increases the chance of unintended external API calls and disclosure or processing of user-requested data outside the user's actual intent.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The invocation description for live-room lookup is ambiguous enough that the agent may map generic requests like 'look at a live room' or 'live details' to this recipe without sufficient parameter certainty or user confirmation. That can trigger unintended chained API calls, producing room details when the user may have meant other live-related actions or needed a search/disambiguation step first.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The profile-oriented triggers are too general and overlap with multiple adjacent intents, such as room details, creator profiles, or broader user information requests. In this skill context, that ambiguity is more concerning because the recipe performs a cross-file chain from live-room data to user-profile retrieval, increasing the risk of over-collection or unintended enrichment beyond the user's explicit request.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger phrase "热搜" is broad and likely to match generic user intents that are not specifically asking for this recipe, which can cause incorrect routing or unintended invocation of the hot-search workflow. In an agent setting, overly broad trigger matching can reduce user control and lead to unexpected external API calls, though the skill is limited here to read-only public data so the impact is moderated.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The trigger phrases for the recipe include very short, generic terms like “分享链接” and “看主页”, which can match ordinary conversation and cause unintended skill activation. In an agent setting, overly broad semantic triggers can lead to unrequested retrieval of third-party profile data and unexpected external API calls to the configured service.

Vague Triggers

Medium
Confidence
79% confidence
Finding
Examples like “UP主视频” and “ta的视频” are ambiguous and can be triggered in normal discussion without clear user intent to invoke the skill. That raises the risk of accidental profile/post enumeration and unnecessary disclosure of public-but-unexpected user data through chained calls.

Vague Triggers

Low
Confidence
72% confidence
Finding
The stat-oriented triggers such as “UP主数据” and “粉丝数” are somewhat broad and may activate on casual questions lacking clear boundaries. While the underlying actions are read-only public-data lookups, ambiguous activation can still cause unintended data retrieval and external requests.

Vague Triggers

Medium
Confidence
81% confidence
Finding
Phrases like “用户动态” and especially “ta的动态” are vague pronoun-based triggers that can match many conversations. This can cause the agent to infer a target incorrectly and fetch another person’s activity feed without the user clearly asking for a Bilibili lookup.

Vague Triggers

Medium
Confidence
82% confidence
Finding
Trigger examples like “动态详情” and “看动态” are overly broad for a two-step flow that first enumerates a user’s dynamics and then fetches detail. Ambiguous activation can lead to unintended chaining, over-collection of content metadata, and extra external API usage based on weak conversational cues.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger phrases for the VIP playback recipe include broad everyday terms like '高清' and '4K', which can cause the agent to route ordinary playback requests into a sensitive authenticated flow that requires a user cookie. In this skill's context, that increases the chance of unnecessary solicitation or use of sensitive credentials for requests that could often be satisfied by ordinary public playback endpoints.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.