Zyt credentials guard

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Chanjing credential setup guide with disclosed local credential handling and no hidden executable behavior.

Install only if you intend to manage Chanjing API credentials locally. Keep ~/.chanjing/credentials.json private, avoid committing or sharing it, verify the Chanjing API domain before token refresh, and rotate keys if they are ever pasted into chat or exposed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The document explicitly describes where long-lived credentials and access tokens are stored on disk, including the exact JSON fields and default path, but provides no guidance on file permissions, redaction, logging hygiene, or avoiding accidental disclosure. In a credential-handling skill, this omission increases the chance users will store, copy, or expose sensitive keys insecurely, making credential theft or unauthorized API access more likely.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal