Security audit

商品表市场洞察分析 (Product Table Market Insight Analysis)

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a real local product-table analysis tool, but it requests extra network-capable tools and automatic package installation despite saying data stays local.

Install only if you are comfortable with it running local Python, writing report files, and potentially installing Python packages. Treat uploaded product tables as sensitive: remove WebFetch/WebSearch from the skill or avoid using it with confidential data unless you trust the environment and approve any package installation first.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding
The skill advertises that analysis is performed locally without online search or data enhancement, yet it enables WebFetch and WebSearch. That inconsistency creates unnecessary network-capable attack surface and can mislead users about data handling, especially when uploaded tables may contain sensitive business data.

Intent-Code Divergence

Medium
Confidence: 91%
Finding
Declaring network tools while simultaneously stating that no online search or data enhancement occurs undermines the trust boundary of the skill. Even if not currently used, the extra permissions increase the risk of future misuse, accidental exfiltration, or user confusion about whether local business data stays local.

Vague Triggers

Medium
Confidence: 76%
Finding
Overly broad trigger phrases can cause the skill to activate in unintended contexts, leading to unexpected file handling, package installation prompts, or report generation. In a skill with Bash, Write, and dependency-install behavior, accidental activation increases operational and privacy risk beyond a purely UX issue.

Missing User Warnings

Medium
Confidence: 95%
Finding
Automatically installing Python packages modifies the local environment and executes package-manager operations without an explicit prior warning or approval step. This can introduce supply-chain risk, alter a user's system state unexpectedly, and violate least surprise for a data-analysis skill.

Missing User Warnings

Low
Confidence: 84%
Finding
Writing user-provided table contents to a temporary CSV creates a local persistence point for potentially sensitive commercial data. Without clearly informing the user and defining where the file is stored and when it is deleted, the skill can leave residual data on disk unexpectedly.

Missing User Warnings

Low
Confidence: 87%
Finding
Generating a standalone HTML report writes potentially sensitive market-analysis results to disk, which may persist after the session and be accessible to other local users or processes. The risk is amplified because the report may include detailed business insights derived from uploaded data.

VirusTotal

64/64 vendors flagged this skill as clean.
Static analysis

No suspicious patterns detected.