Back to skill

Security audit

Maxhub Zhihu

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed read-only Zhihu data lookup skill that sends user queries and IDs to MaxHub, with some privacy and routing caveats but no evidence of hidden, destructive, or deceptive behavior.

Install only if you are comfortable sending Zhihu keywords, user identifiers, URLs, and your MaxHub API key to MaxHub. Avoid providing primary account cookies or session tokens, use the skill for authorized/public-data analysis, and be cautious with ambiguous prompts that could trigger user or social-graph lookups.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The example trigger phrases are very broad, including generic terms such as '查知乎', '知乎用户', and '知乎搜索'. In an agent environment, overly generic activation phrases can cause the skill to be invoked unintentionally during normal conversation, leading to unnecessary external requests and possible disclosure of user queries to the third-party API endpoint.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger keyword "找人" is generic everyday language and can easily match user intents that are not specifically requesting Zhihu user search. In an agentic routing system, this can cause unintended recipe activation, leading to incorrect tool use, unnecessary external API calls, and possible retrieval of user-profile data when the user did not clearly request that workflow.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger phrase “热门问题” is broad enough to match user requests that simply ask about popular questions, even when the user did not intend the specific hot-list workflow. In an agent setting, this can cause incorrect tool routing and unintended data retrieval, which is a genuine security/control issue because the skill may act on ambiguous intent without adequate disambiguation.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger phrase “找人” is overly broad everyday language and can cause the skill to activate in contexts unrelated to Zhihu user search, such as general requests to locate or identify a person. In a skill that exposes user-profile lookup via url_token, this increases the chance of unintended retrieval of user data or misrouting sensitive requests into the Zhihu user search flow.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The AI search triggers “AI搜索” and “智能搜索” are ambiguous and do not constrain source, scope, or allowed query types, making it easy for unrelated user requests to be routed into an opaque AI-search workflow. Because this recipe sends arbitrary message_content to a remote API and then retrieves generated results, vague activation language increases the risk of unintended data disclosure, prompt routing mistakes, or misuse of a broader backend capability than the user expected.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The trigger phrases for this recipe are very broad and can cause the agent to invoke user-profile and article retrieval for loosely related requests. In a skill that accesses public content and user data, ambiguous activation boundaries increase the chance of collecting or surfacing personal/profile information beyond the user's actual intent, which can create privacy and overcollection risks.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The social-graph trigger phrases are especially sensitive because terms like '用户关注' or '社交圈' can match broad user requests and lead the agent to fetch followee/follower data without sufficiently explicit consent or need. Social-graph data is more privacy-sensitive than general content lookup, so ambiguous routing can enable unintended profiling, relationship mapping, or surveillance-oriented use.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The file documents multiple endpoints for retrieving user-related Zhihu data including followers, followees, articles, subscriptions, and recommendations, but provides no privacy or data-handling warning despite clearly enabling profiling and relationship mapping. In a skill explicitly marketed for KOL analysis, public-opinion monitoring, and marketing insight, this omission increases the risk that agents or operators will collect and aggregate personal data without applying minimization, consent, or jurisdictional privacy safeguards.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.