Security audit

商品表市场洞察分析

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a real local product-table analysis tool, but it requests extra network-capable tools and automatic package installation despite saying data stays local.

Install only if you are comfortable with it running local Python, writing report files, and potentially installing Python packages. Treat uploaded product tables as sensitive: remove WebFetch/WebSearch from the skill or avoid using it with confidential data unless you trust the environment and approve any package installation first.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (6)

Context-Inappropriate Capability

Medium

Confidence: 88% confidence
Finding: The skill advertises that analysis is performed locally without online search or data enhancement, yet it enables WebFetch and WebSearch. That inconsistency creates unnecessary network-capable attack surface and can mislead users about data handling, especially when uploaded tables may contain sensitive business data.

Intent-Code Divergence

Medium

Confidence: 91% confidence
Finding: Declaring network tools while simultaneously stating that no online search or data enhancement occurs undermines the trust boundary of the skill. Even if not currently used, the extra permissions increase the risk of future misuse, accidental exfiltration, or user confusion about whether local business data stays local.

Vague Triggers

Medium

Confidence: 76% confidence
Finding: Overly broad trigger phrases can cause the skill to activate in unintended contexts, leading to unexpected file handling, package installation prompts, or report generation. In a skill with Bash, Write, and dependency-install behavior, accidental activation increases operational and privacy risk beyond a purely UX issue.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: Automatically installing Python packages modifies the local environment and executes package-manager operations without an explicit prior warning or approval step. This can introduce supply-chain risk, alter a user's system state unexpectedly, and violate least surprise for a data-analysis skill.

Missing User Warnings

Low

Confidence: 84% confidence
Finding: Writing user-provided table contents to a temporary CSV creates a local persistence point for potentially sensitive commercial data. Without clearly informing the user and defining where the file is stored and when it is deleted, the skill can leave residual data on disk unexpectedly.

Missing User Warnings

Low

Confidence: 87% confidence
Finding: Generating a standalone HTML report writes potentially sensitive market-analysis results to disk, which may persist after the session and be accessible to other local users or processes. The risk is amplified because the report may include detailed business insights derived from uploaded data.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.