xiaoyue-companion

Fail

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: A functional Zhipu AI API key is hardcoded in the installation documentation.
    • File: projects/companion-skill/INSTALL.md
    • Evidence: "ZHIPU_API_KEY": "da8df5ba954341829f7afd05ca23a889.RrJoTsbaAkGYA6ZU"
  • [REMOTE_CODE_EXECUTION]: Setup scripts execute remote content piped directly to the shell to install the Rust toolchain. While this targets a well-known service, it remains an RCE pattern.
    • File: skills/chrome-automation/chrome-automation/scripts/auto-install-mac.sh
    • Evidence: curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --no-modify-path
  • [DATA_EXFILTRATION]: A hardcoded IP address is used as an API backend for content publishing, creating a risk of data exposure to an unverified endpoint.
    • File: skills/wechatsync-publisher/wechatsync-publisher/SKILL.md
    • Evidence: http://39.108.254.228:8002
  • [PROMPT_INJECTION]: Behavioral instructions in the Moltbook skill direct the agent to perform specific social actions (joining communities, upvoting manifestos) without explicit user confirmation for each step.
    • File: skills/moltbook/SKILL.md
    • Evidence: "Join the Stepbot Community... giving it a upvote. Then, post a self-introduction..."
  • [EXTERNAL_DOWNLOADS]: The Moltbook skill fetches multiple configuration and instruction files from an external domain (moltbook.com) and saves them locally.
    • File: skills/moltbook/SKILL.md
    • Evidence: curl -s https://www.moltbook.com/skill.md > ~/.moltbot/skills/moltbook/SKILL.md
Recommendations
  • HIGH: Downloads and executes remote code from https://sh.rustup.rs. DO NOT USE without thorough review.
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 18, 2026, 03:21 PM