金蝶云星空 ERP Skill

Security checks across malware telemetry and agentic risk

Overview

This is a coherent instruction-only Kingdee ERP helper, but users should handle ERP credentials and exported business data carefully.

Install only if you trust and control the Kingdee MCP server it will use. Confirm where MCP credentials are stored, avoid putting secrets in CLAUDE.md or other readable project notes, and treat exported ERP files as sensitive business records. For create, submit, audit, unaudit, or batch actions, require explicit user confirmation in your workflow before allowing the agent to change ERP state.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 92%
Finding: The skill's trigger description is very broad, covering generic ERP operations, troubleshooting, field validation, and report generation. This can cause the skill to activate for loosely related requests and steer the agent into using powerful ERP/MCP tooling in contexts where the user did not explicitly intend system access, increasing the chance of unintended data exposure or state-changing actions.

Missing User Warnings

Medium
Confidence: 88%
Finding: The skill instructs the agent to write large query results directly to local files such as /tmp without an explicit warning, consent step, retention guidance, or sensitivity check. In an ERP context, those files may contain customer, supplier, inventory, or financial data, so silent local persistence increases the risk of unauthorized disclosure, accidental reuse by other tools, or data retention beyond user expectations.

Missing User Warnings

Medium
Confidence: 89%
Finding: The workflow explicitly recommends exporting potentially sensitive sales data to local files such as /tmp/sales_2025.ndjson and using disk-based processing, but it does not require user confirmation, data minimization, retention limits, or any warning that customer and sales records are being persisted outside the ERP query flow. In an agent context, writing business data to disk can increase exposure through insecure temporary storage, later reuse by other processes, or accidental inclusion in logs and artifacts.

VirusTotal

64/64 vendors flagged this skill as clean.