影刀

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Yingdao RPA API wrapper, but it can start real remote automation jobs with account credentials and lacks built-in execution guardrails.

Review before installing if these Yingdao credentials can start production automations. Use limited-scope or test credentials, require manual approval before task starts, and restrict which task UUIDs the agent may run; do not rely on the documented idempotency claim unless you add or verify duplicate-run protection.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 92% confidence
Finding: The skill declares that it requires environment variables containing API credentials and documents outbound API access, but it does not expose an explicit permissions declaration for sensitive capabilities like env and network. This creates a transparency and governance gap: a user or platform may not realize the skill can read secrets and send them to remote endpoints, increasing the chance of over-privileged installation or misuse if the implementation is later modified or behaves unexpectedly.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal