Efatura Tr

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Turkish e-invoicing helper with a disclosed lookup script, but users should understand it runs shell commands, contacts GİB, and creates a local cache.

Install only if you want a Turkish e-fatura assistant that can run a local lookup script. Before running lookups, make sure you are authorized to process the VKN/TCKN or company name, expect contact with GİB and a cache under your home directory, and verify tax obligations against official GİB sources.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (6)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 86% confidence
Finding: The skill advertises shell-based capabilities and instructs execution of local scripts, but the manifest does not declare permissions or clearly disclose that command execution will occur. This creates a trust and consent gap: users and the platform may treat it as a passive informational skill while it can invoke code paths with filesystem/network side effects.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 92% confidence
Finding: The declared purpose is an informational Turkish e-invoicing assistant, but the described/observed behavior includes local caching under the user's home directory, command-line taxpayer lookups, and promotional output. That mismatch is dangerous because it hides operational behaviors with privacy and persistence implications, preventing informed consent and making unexpected data handling more likely.

Vague Triggers

Medium

Confidence: 77% confidence
Finding: The activation description is broad enough to trigger on many general Turkish e-invoicing topics, increasing the chance the skill activates when the user only wants neutral discussion rather than tool use. In this skill's context, overbroad triggering matters because the workflow can escalate from advice to shell script execution and external lookup behavior.

Vague Triggers

Medium

Confidence: 79% confidence
Finding: The usage scenarios enumerate common e-fatura topics but do not define boundaries for non-activation or when the skill should remain purely informational. Because the skill can run a script for lookup requests, vague triggering increases the risk of unnecessary tool invocation or user confusion about what actions are being taken.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill directs use of VKN, TCKN, and company-name lookup commands without any warning about handling sensitive identifiers, external querying, logging, or retention. In this context, taxpayer and identity identifiers can be personal or commercially sensitive, so undisclosed processing can expose users to privacy, compliance, and data minimization issues.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The workflow instructs the agent to execute a script on the user's behalf for query handling without first disclosing that a command will run. Hidden execution is risky because users may believe they are receiving a text answer while the skill performs filesystem/network operations and processes identifiers behind the scenes.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal