Court SMS Recognition and Document Download (法院短信识别与文书下载)

Security checks across malware telemetry and agentic risk

Overview

The skill has a coherent court-document workflow, but it automatically fetches and stores sensitive legal records, credentials, verification data, and full SMS/link metadata with limited user control.

Review before installing. This skill is intended for legal-document handling and may be useful, but it should only be used in a trusted workspace with client-confidential data controls. Confirm links and senders manually, avoid storing reusable delivery URLs or verification secrets, and remove bundled archive examples or any retained raw SMS/API records that are not strictly needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Context-Inappropriate Capability

Medium
Confidence: 87%
Finding
The skill instructs the agent to retrieve a lawyer's phone number from case-assignment data and use the last six digits as a verification code. That expands data access beyond the user-provided SMS and creates unnecessary access to sensitive case contact information, increasing privacy exposure and the chance of unauthorized use of related data.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill directs automatic creation of case directories and filesystem writes without an upfront user-facing warning or consent step. In a legal-document context, silent writes can store sensitive matter names, parties, and case numbers on disk in unintended locations, increasing confidentiality and data-retention risks.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill advertises automatic downloading and archiving of court documents but does not clearly warn the user that sensitive legal data will be fetched from external systems and persisted locally. This weak transparency can lead users to disclose or process protected legal materials without informed consent about transmission and storage.

Missing User Warnings

Medium
Confidence: 95%
Finding
Writing processing details into an internal `.claude/skills/.../archive/` path creates an additional persistence layer for sensitive legal metadata without clearly informing the user. Hidden or non-obvious retention of court SMS contents, case numbers, and party details increases privacy, discovery, and data-governance risk.

Vague Triggers

Medium
Confidence: 93%
Finding
The JSON records a live court-delivery URL with access parameters and shows the system automatically retrieved documents via curl and archived them, but there is no evidence of user confirmation, sender validation, scope restriction, or other activation boundary before fetching sensitive legal records. In this skill context, that is dangerous because a crafted or misdirected SMS link could trigger unauthorized access, mass ingestion of highly sensitive court documents, or SSRF-like outbound requests to attacker-controlled or spoofed endpoints if URL trust assumptions fail.

Missing User Warnings

Medium
Confidence: 95%
Finding
The archive format explicitly requires saving the full raw SMS and retaining download/API metadata, which can include names, case numbers, court identifiers, delivery records, and token-like parameters. In the context of court notifications, this is highly sensitive legal and personal data; storing it wholesale increases exposure in the event of local compromise, backup leakage, log access, or unintended sharing.

Missing User Warnings

Medium
Confidence: 96%
Finding
The specification says to fully preserve `sms_raw`, which may contain personally identifiable information, legal case details, court names, and timing information. Because this skill is designed for court SMS processing, the context makes the issue more dangerous: the retained content is not merely personal data but potentially confidential litigation-related information.

Missing User Warnings

Medium
Confidence: 97%
Finding
Persisting full download parameters and complete API responses can retain sensitive identifiers such as `qdbh`, `sdbh`, `sdsin`, document IDs, court metadata, and delivery timestamps. These values may enable replay, correlation, unauthorized lookup, or broader disclosure of litigation metadata if the archive is accessed by unintended parties.

Ssd 3

Medium
Confidence: 96%
Finding
Persistently logging user-provided court SMS data and extracted case details to a separate archive directory creates a durable secondary repository of highly sensitive legal information. If the environment is shared, backed up, or later accessed by other tools, this can expose case metadata and document-processing history beyond the user's expectations.

Ssd 3

High
Confidence: 98%
Finding
The workflow explicitly extracts and uses account passwords, SMS verification codes, and alternate verification factors from messages and related case data. Handling authentication secrets in an automated agent materially increases the risk of credential misuse, account takeover, and unauthorized access to court-delivery systems, especially if logs or intermediate artifacts are retained.

VirusTotal

64/64 vendors flagged this skill as clean.
