Back to skill

Security audit

eKYC Suite Media Labeling

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed cloud client for user-authorized KYC media labeling, with expected upload behavior and some dependency/privacy hygiene to review.

Install only if you trust the configured eKYC Suite Cloud endpoint and have permission to send the selected media there. Treat returned labels as review signals, keep human review for sensitive cases, and consider pinning or constraining the requests dependency in controlled deployments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill declares environment variables and documents execution of a Python script that reads local media files and sends results to a cloud backend, which implies env, file_read, and network capabilities without an explicit permissions declaration. This creates a transparency and governance gap: agents or platforms may under-enforce policy, and users may not understand that sensitive KYC media and API credentials are being accessed and transmitted off-host.

Missing User Warnings

Medium
Confidence
79% confidence
Finding
The skill uploads either local file contents or a provided URL reference to a remote cloud service, along with optional environment-derived metadata headers, but the code provides no in-band disclosure, confirmation prompt, or explicit privacy guardrails before transmission. In an agent setting handling sensitive eKYC media, silent cloud transmission increases the risk of unexpected data sharing, privacy violations, or policy noncompliance.

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31.0
Confidence
93% confidence
Finding
requests>=2.31.0

Known Vulnerable Dependency: requests==2.31.0 — 6 advisory(ies): CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi); CVE-2026-25645 (Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility func) +3 more

Medium
Category
Supply Chain
Confidence
89% confidence
Finding
requests==2.31.0

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.potential_exfiltration

Python code base64-encodes a local file and sends it over the network.

Critical
Code
suspicious.potential_exfiltration
Location
scripts/media_labeling.py:41