Zyt text to digital person

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a disclosed API integration that uses local credentials and saves generated outputs, with no artifact-backed evidence of deception or unrelated access.

Install only if you intend to use the Chanjing API and are comfortable giving the skill access to its local credentials file. Keep the credentials file permission-restricted, set CHANJING_CONFIG_DIR only yourself, review where generated files are downloaded, and monitor any paid API quota or billing tied to the keys.

SkillSpector

By NVIDIA

Vulnerability Patterns

Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 89% confidence
Finding: The skill documentation describes capabilities to read environment variables, access local files, write outputs, invoke shell scripts, and make network requests, but it does not declare corresponding permissions. This creates a transparency and policy-enforcement gap: a host may present the skill as lower-privilege than it actually is, increasing the chance of unintended credential access, filesystem writes, or external API calls.

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The documentation explicitly maps a `download_result` script to downloading `output_url` assets to the local machine, but it provides no warning, consent requirement, destination controls, or storage-safety guidance. In an agent skill, implicit local file writes can create unintended data persistence, overwrite/clutter risks, and make users unaware that remote content is being saved onto the host.

Credential Access

High

Category: Privilege Escalation
Content: 本 Skill 使用： * 配置文件：`~/.chanjing/credentials.json` * 若设置环境变量 `CHANJING_CONFIG_DIR`：使用 `$CHANJING_CONFIG_DIR/credentials.json` * API 基础地址固定：`https://open-api.chanjing.cc`
Confidence: 81% confidence
Finding: credentials.json

Credential Access

High

Category: Privilege Escalation
Content: 本 Skill 使用： * 配置文件：`~/.chanjing/credentials.json` * 若设置环境变量 `CHANJING_CONFIG_DIR`：使用 `$CHANJING_CONFIG_DIR/credentials.json` * API 基础地址固定：`https://open-api.chanjing.cc` 当本地缺少 AK/SK 或 AK/SK 无效时，脚本默认返回登录引导信息，不自动打开浏览器。
Confidence: 81% confidence
Finding: credentials.json

VirusTotal

51/51 vendors flagged this skill as clean.

View on VirusTotal