Back to skill

Security audit

Bankai Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed DeepSeek-backed banking document drafting tool, with the main caution that banking inputs go to an external API unless a private endpoint is configured.

Install only if you are comfortable using your own DeepSeek API key and sending draft inputs to DeepSeek by default. For customer, account, transaction, regulatory, or internal bank data, configure a private OpenAI-compatible endpoint with --base-url before use, and always manually review generated drafts before submitting them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The skill advertises broad natural-language activation such as '帮我写…/出个…/写一份…' without clear trigger boundaries, exclusion rules, or confirmation requirements. In an agent environment, this can cause accidental invocation from ordinary conversation or quoted text, leading the agent to process sensitive banking content or generate regulated documents when the user did not explicitly intend to run the skill.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script sends user-supplied JSON and generated prompts to an external DeepSeek API, but it does not present an explicit runtime warning, consent gate, or data-classification check before transmitting potentially sensitive banking content. In this skill context, inputs may include customer, institution, transaction, personnel, or internal document details, so silent external transmission creates a meaningful confidentiality and compliance risk.

External Transmission

Medium
Category
Data Exfiltration
Content
const __dirname = dirname(fileURLToPath(import.meta.url));
const { SCENARIOS } = await import(pathToFileURL(join(__dirname, '..', 'references', 'scenarios.mjs')).href);

const DEFAULT_BASE = 'https://api.deepseek.com/chat/completions';
const DEFAULT_MODEL = 'deepseek-chat';
const TEMP = 0.7;
const MAX_TOKENS = 8192;
Confidence
88% confidence
Finding
https://api.deepseek.com/

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access, suspicious.exposed_secret_literal

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
scripts/bankai_write.mjs:96

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
SKILL.md:38