Back to skill

Security audit

Maxhub Weibo

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed, read-only Weibo data lookup skill that sends queries to MaxHub, with privacy-sensitive use cases users should handle carefully.

Install only if you are comfortable sending your MaxHub API key and Weibo IDs, links, and search terms to MaxHub. Use explicit Weibo-specific prompts, avoid providing cookies or session credentials, and be careful with follower lists, likes, comments, and collections because aggregating public social data can still affect privacy and legal compliance.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (13)

Context-Inappropriate Capability

Medium
Confidence
84% confidence
Finding
This recipe exposes a path to retrieve a user's video collection/favorites, which may go beyond the skill's stated public social-data and read-only analytics purpose. Even if the underlying API is read-only, favorites/collections can reveal sensitive behavioral preferences and may not be appropriate to surface without a clear public-data justification, consent boundary, or scope restriction.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger keyword "看评论" is very generic and can easily match ordinary user phrasing outside a clearly intended Weibo workflow. In an agent skill, overly broad triggers can cause unintended recipe activation, leading the agent to perform external API queries and disclose or process social data the user did not explicitly mean to request.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger "看转发" lacks source or object scoping, so common conversational text could accidentally invoke the repost-detail recipe. Because this skill chains API calls and reuses derived identifiers, an unintended invocation can cascade into additional data retrieval beyond the user's precise request.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The phrase "看点赞" is ambiguous and may refer to many contexts unrelated to Weibo, increasing the chance of accidental skill execution. In this read-only but data-fetching skill, accidental activation still matters because it can trigger external requests and expose engagement-related information without sufficiently explicit user intent.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger "看回复" is especially broad because it can apply to email, chat, comments, or many other domains, making false activation likely. Given the recipe chaining guidance in this index, an accidental match could pull comment-reply data and encourage additional downstream calls, increasing unintended data access.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The keyword "收藏夹" is common UI/navigation language and is not uniquely tied to the user-video-collection recipe, so it may collide with unrelated user requests. In this skill, such ambiguity is more dangerous because the agent is explicitly instructed to auto-select recipes by trigger matching, which increases the likelihood of unintended external lookups.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger phrase "推荐" is highly generic and can appear in many normal user utterances unrelated to Weibo homepage recommendations, increasing the chance of unintended recipe activation. In an agent setting, this can route the conversation into fetching third-party social data the user did not clearly request, causing scope confusion and potentially unnecessary data access or misleading outputs.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrases "作者" and "博主主页" are ambiguous because they are common conversational terms that do not reliably indicate a request for a Weibo author-profile lookup. This can cause the agent to invoke profile-retrieval flows without sufficiently specific user intent, leading to unintended access to user-profile data and incorrect tool routing.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger phrases for this recipe are broad enough that ordinary user requests about search or trending topics could match unintentionally, causing the agent to invoke a workflow the user did not clearly request. In a social-data skill, this can lead to over-collection of public profile/post data, unnecessary external requests, and action selection that bypasses more precise user confirmation.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The advanced-search trigger is underspecified and can be activated by vague phrases like 'advanced search' or 'filtered search' without clear parameter constraints. That ambiguity increases the chance the agent will infer missing filters or launch broader searches than intended, which is risky in a skill designed to retrieve social-media content and user data from an external API.

Vague Triggers

Medium
Confidence
77% confidence
Finding
The trigger phrase '收藏夹' is overly broad and can match generic requests unrelated to Weibo or this skill's intended analytics scope. That increases the chance of accidental invocation and unintended access to sensitive collection/favorites data, especially when paired with a recipe that targets user-specific saved content.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill explicitly enables broad retrieval of public Weibo user data including profiles, followers, following, posts, albums, and other user-linked content, but the documentation shown here does not include any user-facing privacy notice or usage constraints. Even when data is public, aggregating and operationalizing it through an agent materially increases privacy and profiling risk, especially for surveillance, KOL mapping, and large-scale social graph analysis.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The authentication section tells users to send a Bearer API key to an external domain, but does not prominently disclose that both the credential and queried user identifiers/content are transmitted to a third-party service at https://www.aconfig.cn. This can mislead users about trust boundaries and data handling, increasing the chance that sensitive search targets, account identifiers, or operational metadata are sent off-platform without informed consent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.