Back to skill

Security audit

噗滋慈善 - 文书助手 / pozzzi-charity document-assistant

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent NGO document drafting helper with expected model use and limited local metadata logging, not hidden data collection.

Before installing, confirm you are comfortable sending draft document content to your chosen model provider and keeping local generation metadata on the device. Avoid unnecessary personal data, especially minors' data, and have formal or legal documents reviewed by a qualified person before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The documentation states that the provider does not contact or store user data, yet the skill later declares a local storage component for logs and history. This creates a material transparency and privacy mismatch: users may provide sensitive contract, meeting, or donor-related content under a false assumption that nothing is retained.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
This is a true privacy/security documentation inconsistency: the skill says the provider does not contact or store user data, but also documents local logging and history storage. For an NGO-focused document assistant, stored history may contain contracts, meeting notes, partner correspondence, and other sensitive operational data, increasing the risk of unauthorized retention or disclosure.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.