Back to skill

Security audit

Pricing Engine

Security checks across malware telemetry and agentic risk

Overview

The skill matches its pricing and quotation purpose, but it needs review because it executes local quotation workflow scripts and stores customer-linked pricing data on disk without strong scoping or retention controls.

Install only if you trust the publisher and the local quotation-workflow dependency. Before production use, verify QUOTATION_WORKFLOW_ROOT points to a reviewed directory, prefer preview or DRY_RUN first, keep output and history files in a protected location, and define a retention/deletion process for customer pricing records.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
82% confidence
Finding
The skill documents use of environment variables and operational capabilities, but no explicit permissions model is declared. In an agent setting, this can cause operators to grant broader runtime access than expected and makes it harder to review whether environment-derived secrets or configuration will be read safely.

Tp4

High
Category
MCP Tool Poisoning
Confidence
91% confidence
Finding
The declared description frames the skill as a pricing engine, but the documented behavior also includes external network access, persistent storage of quote history, approval-state handling, customer-specific override logic, and downstream document generation. This mismatch can mislead deployers about the trust boundary and data flows, increasing the chance of unintended exposure of customer pricing data or unsafe execution of dependent tooling.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
Allowing PRICE_HISTORY_FILE to control an arbitrary read/write path creates a filesystem access risk if an attacker can influence environment variables or deployment configuration. The module will append records to, and read from, any path provided, which can overwrite or pollute unintended files, expose sensitive local file contents through the query path, or be abused via symlink/path manipulation in shared environments.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
Automatically recording quotation history creates persistent storage of customer identifiers, SKU selections, quantities, and negotiated pricing without a clear warning or retention policy. That business data is commercially sensitive and could be exposed through local file access, backups, or later misuse if operators are not informed.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
Enabling detailed logs to a local directory without warning about sensitive content can result in leakage of quotes, customer IDs, pricing rules, overrides, and approval states into easily overlooked files. Logs are often broadly accessible to support staff, backup systems, or other processes, so undocumented sensitive logging materially increases data-exposure risk.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The code writes full quotation data, including customer identity/contact details, pricing, payment terms, and notes, to a JSON file on disk in `OUTPUT_DIR` without any consent, warning, retention control, or access restriction visible in this module. In a multi-user agent or shared host context, this creates a persistent local data exposure risk if output directories are readable by other users, indexed, backed up, or later exfiltrated.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
Quote history is automatically persisted for every generated quotation, linking SKU, quantity, pricing, customer ID, and quotation number without an explicit opt-in or privacy boundary in this code path. That creates an audit trail useful for business logic, but also increases the blast radius of any local compromise, unauthorized insider access, or accidental data sharing.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
scripts/quotation-integration.js:355