Security audit

Maxhub Lemon8

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed read-only Lemon8 data lookup skill that sends user-provided queries to MaxHub, with privacy and ambiguity cautions but no evidence of malicious behavior.

Install only if you are comfortable sending Lemon8 links, IDs, keywords, and your MaxHub API key to https://www.aconfig.cn. Use it for explicit Lemon8 research tasks, avoid production cookies or session credentials, and be careful with follower/following and comment data because it may identify people.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Intent-Code Divergence

Severity: Medium
Confidence: 91%
Finding
The example instructs agents to extract a clearly unrelated field path (`$.data.bvid`) in a Lemon8 skill, which can cause downstream parameter confusion and unsafe chaining behavior. In practice this increases the chance an agent will use the wrong identifier, misroute data between endpoints, or start guessing replacement fields, undermining the skill's own anti-hallucination safeguards.

Vague Triggers

Severity: Medium
Confidence: 87%
Finding
Telling the agent to load this skill on 'any request' creates an overly broad activation condition that can pull an external-network skill into unrelated conversations. That raises the risk of unnecessary third-party data handling, accidental credential use, and prompt-scope takeover where this skill's detailed procedure influences tasks outside Lemon8 analysis.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding
The trigger list includes broad, everyday phrases such as '看看帖子' ("take a look at the post"), '看看评论' ("take a look at the comments"), and '看看主页' ("take a look at the profile page"), which can match normal conversational text and cause the agent to invoke a recipe the user did not explicitly intend. In this skill, recipe selection directly controls outbound requests to the MaxHub API, so ambiguous matching can lead to unintended data retrieval, privacy surprises, and incorrect multi-step chaining.

Vague Triggers

Severity: Medium
Confidence: 86%
Finding
The trigger phrases that map a request onto the user-profile recipe are broad enough that a generic request like '看看主页' ("take a look at the profile page") or '用户链接' ("user link") could activate this skill without clear evidence that the user intended a Lemon8-specific profile lookup. In a skill that fetches public user data from an external API, overly loose routing can cause unintended data retrieval, privacy surprises, and incorrect tool use across unrelated contexts.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding
The follower-list recipe is triggered by vague phrases like '用户粉丝' ("user's followers") and '粉丝列表' ("follower list") without stronger constraints tying the request to Lemon8, a specific target user, or informed user intent. Because this recipe expands from profile lookup into relationship data retrieval, ambiguous activation increases the risk of unintended collection or exposure of public-but-sensitive social graph information.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding
The documented endpoints enable retrieval of follower and following lists, which expose a user's social graph and can be used for profiling, targeting, or large-scale relationship mapping. Even if the data is described as public/read-only, the skill does not include any user-facing privacy warning, purpose limitation, or guidance to minimize collection of this sensitive metadata.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.