yuque-dl
Fail
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: HIGH (COMMAND_EXECUTION, CREDENTIALS_UNSAFE)
Full Analysis
- [COMMAND_EXECUTION]: The helper script `scripts/download.sh` uses the `eval` command to execute a string constructed from user-supplied arguments, specifically the URL, token, and key values. This allows for arbitrary command execution if an attacker provides inputs containing shell metacharacters such as backticks, semicolons, or dollar-sign parentheses (e.g., providing a token like `$(whoami)`).
- [CREDENTIALS_UNSAFE]: The skill's instructions and script encourage users to manually extract and provide their `_yuque_session` cookie. While necessary for the tool's functionality, this credential provides full access to the user's Yuque account and is handled unsafely within the command-line arguments.
- [COMMAND_EXECUTION]: The skill relies on the global installation of a third-party package `yuque-dl` via npm. The agent is instructed to execute this tool directly, which increases the attack surface if the package or the environment is compromised.
- [COMMAND_EXECUTION]: The `SKILL.md` and `scripts/download.sh` files contain a hardcoded absolute path `/Users/lytton/mac_wps_clound/Obsidian笔记知识库/宝藏资源库/语雀知识库/`. This path exposes the local username 'lytton' and the user's private directory structure, which is a data exposure concern.
Recommendations
- AI detected serious security threats
Audit Metadata