腾讯广告妙问

Security checks across malware telemetry and agentic risk

Overview

This Tencent Ads assistant mostly does what it claims, but it handles live API tokens in an unsafe way and gives a broad API helper access to the stored token.

Install only if you intend to connect a Tencent Ads/Miaowen account. Do not paste API keys into chat; set or rotate the token locally through a safer mechanism, and be careful with API-mode requests until the helper enforces documented paths. Upload only files you are authorized to send to Tencent/Miaowen for audit.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (8)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The document instructs the user to paste a live API token directly into a shell command, which is an unsafe credential-handling pattern. Tokens supplied on a command line can be exposed through shell history, process listings, logs, screenshots, or terminal recording, increasing the chance of credential leakage.

Ssd 3

Medium

Confidence: 97% confidence
Finding: The script explicitly instructs users to paste their API token back into the agent flow so it can be 'automatically saved'. In an agent/skill environment, asking users to reveal bearer tokens in chat or tool inputs can cause credential disclosure through logs, transcripts, prompt history, or unintended downstream handling, enabling unauthorized API access.

Ssd 3

Medium

Confidence: 98% confidence
Finding: This repeated instruction again encourages the user to send a fresh token so the system can re-save it, reinforcing an unsafe credential-handling pattern. Because this skill accesses advertising account data, exposed bearer tokens could let an attacker or overly-permissive system query account information or perform other authorized API actions within the victim's Tencent Ads context.

Ssd 3

High

Confidence: 99% confidence
Finding: The script explicitly tells the user to paste their Token into the chat so it can be saved. That encourages disclosure of a bearer credential into a conversational channel that may be logged, retained, or visible to intermediaries, allowing unauthorized use of the Miaowen/Tencent Ads API if exposed.

Ssd 3

High

Confidence: 99% confidence
Finding: This recovery path repeats the same unsafe pattern by asking the user to paste a refreshed token into the conversation. Re-soliciting a secret during error handling increases the chance of credential leakage through chat transcripts, support systems, or agent memory and is especially risky because the token grants API access as a bearer token.

Ssd 3

High

Confidence: 99% confidence
Finding: The script explicitly tells the user to paste their API token to the assistant so it can save it automatically. This encourages disclosure of a bearer credential into a conversational channel, where it may be logged, retained, exposed to operators, or mishandled by downstream tooling; anyone obtaining the token could use the Miaowen API with the user's privileges.

Ssd 3

High

Confidence: 99% confidence
Finding: This repeats the same unsafe pattern for refreshed tokens, normalizing the practice of sending live credentials back to the assistant. In the context of an ad platform skill that can access account and reporting functions, compromise of the refreshed token could expose account data, enable unauthorized API actions, or facilitate broader account misuse.

Credential Access

High

Category: Privilege Escalation
Content: #!/usr/bin/env node // // setup_token.js — 将妙问 Access Token 保存到文件 // // 用法: node setup_token.js "<YOUR_TOKEN>" //
Confidence: 83% confidence
Finding: Access Token

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal