Back to skill

Security audit

eKYC Suite Face Compare

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward cloud face-comparison skill that discloses its biometric image workflow and shows no hidden persistence or unrelated behavior.

Install only if you intend to send consented face images to your configured eKYC Suite Cloud endpoint. Confirm the backend's retention, access, and compliance terms, keep EKYC_CLOUD_API_KEY private, and prefer a locked patched requests version before production use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill advertises and operationally requires sensitive capabilities—environment access for API credentials, local file reads for image input, and network access to a cloud backend—but does not declare permissions explicitly. This creates a transparency and governance gap: agents or reviewers may approve or run the skill without understanding that local files and secrets can be accessed and transmitted externally.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill transmits highly sensitive biometric images plus several environment-derived identifiers to a remote cloud service, but the script itself provides no explicit runtime disclosure, consent check, or minimization control. In an agent setting, that increases the risk of users or integrators sending regulated personal data without realizing what metadata is also being shared.

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31.0
Confidence
98% confidence
Finding
requests>=2.31.0

Known Vulnerable Dependency: requests==2.31.0 — 6 advisory(ies): CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi); CVE-2026-25645 (Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility func) +3 more

Medium
Category
Supply Chain
Confidence
89% confidence
Finding
requests==2.31.0

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.potential_exfiltration

Python code base64-encodes a local file and sends it over the network.

Critical
Code
suspicious.potential_exfiltration
Location
scripts/face_compare.py:40