Back to skill

Security audit

invoice-merger

Security checks across malware telemetry and agentic risk

Overview

This is a local invoice/PDF/image merging tool with disclosed file output and preview-opening behavior, with no evidence of hidden data access or exfiltration.

Install this only if you want a tool that reads PDFs/images from a folder you choose, creates merged PDFs in a dated subfolder, and opens the generated result in your default viewer. Use a dedicated folder containing only files you intend to merge, and consider a Python virtual environment for the pypdf and Pillow dependencies.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill documentation indicates shell-capable behavior such as invoking external programs to open the generated output, but it does not declare corresponding permissions. Undeclared execution-capable behavior reduces transparency and can bypass user expectations or policy controls, especially in agent platforms that rely on permission metadata for safety decisions.

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The advertised behavior centers on file merging, but the skill also performs a system-affecting action by automatically opening the output via OS-specific mechanisms. That mismatch matters because launching external applications can trigger unexpected side effects, and the claim about skipping 'historical merged files' is narrower in practice, which may mislead users about what will or will not be processed.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The example trigger phrases are broad natural-language requests such as merging files in a directory, which can easily match ordinary conversation and cause the skill to activate when the user did not intend to run a file-writing workflow. In this skill's context, unintended activation is more dangerous because the tool writes output into the target directory and may automatically open the generated PDF afterward.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The top-level description emphasizes convenience but does not clearly warn that the skill writes merged PDFs into the input directory and auto-opens the generated file. This reduces informed consent and can surprise users with filesystem modifications or application launches, which is especially risky in agent environments where users may not expect side effects from a documentation-described action.

Missing User Warnings

Low
Confidence
78% confidence
Finding
Automatically opening the generated file is a system-affecting action, and the warning in the description is not prominent enough to ensure informed user consent. While the action is limited and aligned with the skill's purpose, unexpected application launch can still be abused in sensitive environments or violate least-surprise expectations.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.