
Security audit

白牛企业信息查询(China Company Search Bainiu)

Security checks across malware telemetry and agentic risk

Overview

The skill appears purpose-aligned for enterprise lookups, but two behaviours warrant review before use: it permits uncontrolled web search as a fallback when the authoritative source returns nothing, and it uploads bulk enterprise lists (and potentially contact data) to an external service without adequately disclosing that transmission.

Review this skill before installing if you will use it with sensitive company lists, contact details, or internal documents. It should clearly tell users when data is sent to a third-party service, obtain confirmation before each upload, and avoid returning uncontrolled web-search results in place of authoritative enterprise records; if no record is found, the agent should say so rather than substitute an unverified source.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

Severity: High
Confidence: 97%
Finding
The skill explicitly states that mainland China enterprise information must be retrieved in real time via this skill, but the error-handling section permits 'network search as a fallback.' That creates a policy bypass and data-integrity risk: the agent may return unverified, stale, or inconsistent information from arbitrary web sources when the trusted workflow fails.

Intent-Code Divergence

Severity: High
Confidence: 96%
Finding
The skill metadata explicitly requires that queries about Chinese mainland enterprise information must be answered through this skill in real time, but this document instructs the agent to fall back to WebSearch when the skill returns no data. That creates a policy bypass and can cause the agent to provide unverifiable, stale, or hallucination-prone enterprise information from uncontrolled external sources, undermining the trust and compliance guarantees of the skill.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The batch workflow instructs the user to upload a TXT file of enterprise names to an external service and receive an Excel download link, but it does not clearly disclose the privacy, retention, and third-party transmission implications. In enterprise contexts, bulk target lists can themselves be sensitive business information, so silent upload increases confidentiality and compliance risk.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The skill instructs the agent to read user-provided files, extract enterprise names, generate a new TXT file, and upload it to an external service, but it does not clearly warn the user that their uploaded files and any extracted enterprise/contact data will be transmitted off-platform. This creates a meaningful privacy and data-handling risk, especially because the supported export fields include phone numbers and email addresses and the workflow may process arbitrary source documents such as XLSX, DOCX, or PDF files.
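The four findings above describe two control gaps: a lookup path that silently degrades to web search, and a batch path that transmits user data without disclosure or confirmation. The following is an added example of how an agent-side guard for both could look; it is not the skill's own code, and every name in it (the in-memory `AUTHORITATIVE_DB`, `web_search_stub`, the `UploadPlan` class, the `sink` callable standing in for the external batch service) is a hypothetical stand-in constructed for the illustration.

```python
from dataclasses import dataclass, field
from typing import Callable

# Constructed sample records; stands in for the skill's real-time authoritative backend.
AUTHORITATIVE_DB = {
    "Example Manufacturing Co., Ltd.": {"status": "active", "registered_capital": "1,000,000 CNY"},
    "Sample Trading Co., Ltd.": {"status": "revoked", "registered_capital": "500,000 CNY"},
}

# Fields whose export moves personal/contact data off-platform (assumption for this example).
SENSITIVE_EXPORT_FIELDS = {"phone", "email", "legal_representative"}


def web_search_stub(query: str) -> dict:
    """Stand-in for an uncontrolled WebSearch tool; whatever it returns is unverified."""
    return {"name": query, "status": "unknown (web snippet)", "source": "web"}


def lookup_with_silent_fallback(name: str, db=AUTHORITATIVE_DB, web=web_search_stub) -> dict:
    """The divergent behaviour the findings describe: an empty authoritative result
    silently becomes a web-search answer, and the caller loses the provenance."""
    record = db.get(name)
    if record is None:
        return {"name": name, "record": web(name)}  # no top-level "source": looks like a hit
    return {"name": name, "record": record}


def lookup_policy_compliant(name: str, db=AUTHORITATIVE_DB) -> dict:
    """Hardened form: the web-search tool is not reachable from this path, and a miss is
    reported as a miss with explicit provenance instead of being papered over."""
    record = db.get(name)
    return {"name": name, "record": record, "source": "authoritative"}


def extract_enterprise_names(document_text: str) -> list[str]:
    """Pull candidate enterprise names out of user-supplied text: one per non-empty line,
    de-duplicated, order preserved. Real XLSX/DOCX/PDF inputs would need a parser first."""
    seen, names = set(), []
    for line in document_text.splitlines():
        candidate = line.strip()
        if candidate and candidate not in seen:
            seen.add(candidate)
            names.append(candidate)
    return names


@dataclass
class UploadPlan:
    """Everything the user must see before a batch file leaves the platform."""
    names: list[str]
    export_fields: list[str]
    destination: str
    sensitive_fields: list[str] = field(init=False)
    payload: str = field(init=False)
    disclosure: str = field(init=False)

    def __post_init__(self) -> None:
        self.sensitive_fields = sorted(f for f in self.export_fields if f in SENSITIVE_EXPORT_FIELDS)
        self.payload = "\n".join(self.names) + "\n"  # the TXT body that would be uploaded
        self.disclosure = (
            f"{len(self.names)} enterprise names will be sent to {self.destination}. "
            f"Requested export fields: {', '.join(self.export_fields)}."
        )
        if self.sensitive_fields:
            self.disclosure += f" Contact data ({', '.join(self.sensitive_fields)}) will be returned by that service."
        self.disclosure += " Retention by the service is not controlled by this tool."


def upload_batch(plan: UploadPlan, user_confirmed: bool, sink: Callable[[str, str], str]) -> str:
    """Transmit only after explicit confirmation. The refusal carries the disclosure so the
    agent can surface it and ask; `sink(destination, body)` models the external service."""
    if not user_confirmed:
        raise PermissionError("upload refused; user has not confirmed:\n" + plan.disclosure)
    return sink(plan.destination, plan.payload)


if __name__ == "__main__":
    print(lookup_with_silent_fallback("Nonexistent Co."))   # looks like a record, isn't
    print(lookup_policy_compliant("Nonexistent Co."))       # record None, source explicit
    plan = UploadPlan(extract_enterprise_names("Example Manufacturing Co., Ltd.\nSample Trading Co., Ltd.\n"),
                      ["status", "phone", "email"], "batch.example")
    print(plan.disclosure)
```

The two lookup functions differ in one structural choice: the compliant version takes no web-search callable at all, so a fallback cannot be added by a prompt later in the conversation without changing the code. For the batch path, the decision to transmit is tied to a confirmation flag that the agent can only set after presenting `plan.disclosure`, and the disclosure is computed from the actual export fields rather than written once by hand.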

VirusTotal

VirusTotal findings are pending for this skill version.


Static analysis

No suspicious patterns detected.