Shuzhi Open

Security checks across malware telemetry and agentic risk

Overview

This skill matches its stated legal evidence and e-signature purpose, but it handles sensitive identity and contract data with under-scoped privacy controls that warrant review before installation.

Review before installing. Use this only in a trusted workspace for users authorized to handle the contracts and signer identities involved. Prefer the interactive paths, avoid putting ID numbers or phone numbers in command-line arguments, treat generated download links as sensitive, and confirm what data will be uploaded or anchored before running certificate or signing workflows.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Intent-Code Divergence

Severity: Medium
Confidence: 94%
Finding:
The documentation gives conflicting instructions for the source of blockchainHash, saying it comes from one field and then warning to use a different field. In a legal-evidence and certificate workflow, this can cause callers to bind the wrong on-chain identifier into generated records, undermining integrity, traceability, and later verification.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
The script persists a sensitive certificate download URL to last-download-link.txt in the current working directory without explicit user consent, access control, or any warning. If the working directory is shared, synced, logged, or later accessed by another local user/process, the link may be exposed and used to retrieve certificate material or related evidence artifacts.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding:
The script transmits personally identifiable information such as applicantName and applicantAccount to external blockchain and certificate services, and also logs related data locally, without any consent flow, minimization, masking, or warning to the operator. In this skill's context, the data is being anchored to a chain-based evidence workflow, which can increase privacy risk because blockchain-related records are often difficult or impossible to retract once submitted.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The command-line path accepts highly sensitive personal data such as ID card numbers, phone numbers, and signer metadata via process arguments. On many systems, command-line arguments are exposed through shell history, process listings, audit logs, and job runners, which can leak this data to other local users or operational tooling even if the script itself behaves as intended.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding:
The configuration-file mode loads sensitive signer information and contract contents from disk and then processes/uploads them without any explicit disclosure, confirmation, or guidance on safe handling. In this skill context, the data includes identity documents, contact details, and legal contract files, so silent bulk processing increases the chance of accidental overexposure, insecure storage, or unintended transmission to the remote signing platform.

Ssd 3

Severity: High
Confidence: 98%
Finding:
The validation flow instructs the system to reveal the system-recorded enterprise name or personal name associated with a supplied credit code or ID number when there is a mismatch. This creates an identity enumeration and privacy leak that can disclose sensitive personal or organizational data to unauthorized requesters, which is especially dangerous in a signing workflow handling legal identities and government identifiers.

VirusTotal

60/60 vendors flagged this skill as clean.