
Security audit

Zyt customised person

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Chanjing API helper, but it handles local API credentials and deletion of digital-human assets, so users should install it only with careful credential and deletion controls.

Install only if you intend to use Chanjing with the videos you upload and can protect the local app_id, secret_key, and cached token. Keep CHANJING_CONFIG_DIR pointed at a private trusted directory, do not paste credentials into chat or logs, verify the missing operational scripts before relying on the CLI examples, and confirm the exact person ID before any delete action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
85% confidence
Finding
The skill advertises and relies on capabilities including environment access, local file read/write, shell execution, and outbound network calls, but does not declare permissions or clearly scope those operations. In an agent environment, this reduces transparency and policy enforcement, making it easier for the skill to access local secrets and invoke external services without explicit approval boundaries.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The examples document a direct delete command for a custom digital human without any warning, confirmation step, or note that the action is destructive and may be irreversible. In an agent or CLI context, users may copy-paste examples verbatim, increasing the chance of accidental deletion of assets or production resources.

Credential Access

High
Category
Privilege Escalation
Content
This Skill uses:

* Configuration file: `~/.chanjing/credentials.json`
* If the environment variable `CHANJING_CONFIG_DIR` is set: uses `$CHANJING_CONFIG_DIR/credentials.json`
* The API base URL is fixed: `https://open-api.chanjing.cc`
Confidence
94% confidence
Finding
credentials.json

Credential Access

High
Category
Privilege Escalation
Content
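This Skill uses:

* Configuration file: `~/.chanjing/credentials.json`
* If the environment variable `CHANJING_CONFIG_DIR` is set: uses `$CHANJING_CONFIG_DIR/credentials.json`
* The API base URL is fixed: `https://open-api.chanjing.cc`

When the AK/SK is missing locally or is invalid, the script by default returns login guidance information and does not automatically open a browser.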
Confidence
94% confidence
Finding
credentials.json

VirusTotal

66/66 vendors flagged this skill as clean.
