
Security audit

Maxhub Sora2

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed MaxHub/Sora2 API connector, with some privacy and confirmation caveats but no evidence of hidden or malicious behavior.

Install only if you intend to use MaxHub at https://www.aconfig.cn for Sora2 data and creation workflows. Use a dedicated API key, do not provide primary-account cookies or session tokens, avoid private or signed image URLs, and confirm before video creation, image upload, or download-related actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (10)

Vague Triggers

Medium
Confidence: 93%
Finding
The index defines natural-language trigger phrases that can activate recipes, and several are broad enough to match common user utterances outside the intended workflow. In a read_write skill, accidental routing is more serious because ambiguous activation can steer the agent into multi-step API chains and, if confirmation handling elsewhere is weak, may lead to unintended downloads or content-creation actions.

Vague Triggers

Medium
Confidence: 96%
Finding
Phrases like '看作者' ("view the author") and '谁发的' ("who posted this") are highly ambiguous and could be invoked in many unrelated conversations, causing the agent to select the author-profile recipe without sufficient validation of user intent. Because the chain graph encourages follow-on recipe execution, a mistaken first match can expand into broader data retrieval about a user than the user actually requested.

Vague Triggers

Medium
Confidence: 91%
Finding
Single-concept triggers such as '二创' ("derivative work") and 'Cameo' are underspecified and can match broad discussion topics rather than a concrete request to execute a recipe. In this skill, that increases the chance of unintended cross-domain chaining and excessive retrieval against user, post, or ranking endpoints, which is risky even if the initial action is nominally read-only.

Missing User Warnings

Medium
Confidence: 87%
Finding
This recipe exposes a downloadable video URL and explicitly supports downloading content, but the recipe text does not include a confirmation or warning step, even though the skill metadata states that create/upload/download capabilities require confirmation. In a read_write skill, omitting that safeguard increases the chance of unintended content acquisition, policy bypass, or side effects when saving or exporting media that the user did not expect.

Missing User Warnings

Medium
Confidence: 94%
Finding
The recipe forwards a user-supplied `image_url` into `upload_image` without any visible warning that the URL will be transmitted to the external MaxHub service at `https://www.aconfig.cn`. This can cause users to unintentionally disclose private, signed, intranet, or otherwise sensitive URLs, especially because the skill is explicitly read-write and supports media creation workflows where such inputs are common.

Vague Triggers

Medium
Confidence: 88%
Finding
The trigger list includes very broad natural-language phrases such as “找用户” ("find a user"), which can cause the skill to activate on ordinary conversational requests without clear user intent to invoke this specific capability. In a read_write skill that can access user profiles and related content, over-broad matching increases the chance of unintended data retrieval and privacy-impacting actions.

Vague Triggers

Medium
Confidence: 84%
Finding
Phrases like “社交关系” ("social relationships") and “社交圈” ("social circle") are generic and may match broad user discussions rather than intentional requests to enumerate followers/following. Because this recipe retrieves relationship data, accidental invocation can expose social-graph information that users may not expect to be fetched.

Vague Triggers

Medium
Confidence: 83%
Finding
Terms such as “Cameo”, “出镜” ("appear on camera"), and “出镜记录” ("appearance history") are highly generic and lack boundaries tying them to this platform or this recipe. This can lead to unintended calls for appearance-history lookup, creating unnecessary privacy exposure around a user's appearances or associations.

Missing User Warnings

Medium
Confidence: 80%
Finding
The recipes document bulk retrieval of profile, posts, followers, following, and cameo-related data without any privacy guidance, sensitivity labeling, or user-facing constraints. In a skill designed to query user information, the absence of such safeguards makes misuse and over-collection more likely, especially when paired with broad triggers.

Missing User Warnings

Low
Confidence: 82%
Finding
The skill explicitly documents endpoints for retrieving user profiles, followers, following lists, and cameo appearances, but provides no privacy, consent, or legitimate-use guardrails for handling potentially sensitive social-graph data. In a read_write agent ecosystem, this omission can enable bulk enumeration, profiling, or stalking-style misuse even if the endpoints themselves are officially exposed by the upstream API.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.