Labor Law

Security checks across malware telemetry and agentic risk

Overview

This skill needs review because it advertises Chinese labor-law lookup but also ships and documents a generic plaintext local logging tool.

Review carefully before installing. Use only the labor-law reference behavior if that is what you need, and avoid entering confidential employment, salary, contract, employee, or dispute details into the logging commands. Do not rely on the remove command to erase sensitive data unless the implementation is corrected and verified.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (9)

Intent-Code Divergence

High
Confidence
97% confidence
Finding
The top-level documentation directly contradicts the manifest by presenting the skill as a general-purpose local data-entry and logging tool rather than a labor-law lookup skill. In an agent ecosystem, this can cause unintended invocation and overbroad access to local data workflows, especially because the documented commands include persistence, deletion, and export capabilities unrelated to the declared purpose.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The manifest promises a labor-law reference skill, but nearly the entire body documents a local data management utility. This is a substantive scope deception issue: users and orchestrators may trust the skill for safe legal lookup while it actually supports arbitrary entry storage, search, removal, and export, increasing the risk of misuse and unintended handling of sensitive local information.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
Commands for arbitrary local data tracking, deletion, export, configuration discovery, and status management are not justified by the claimed labor-law query use case. Even without explicit code shown here, documenting these capabilities under a misleading legal-assistance label normalizes unnecessary data handling and could lead an agent to store or expose sensitive employment-related information locally.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The implementation materially diverges from the declared labor-law purpose and instead exposes a generic local data utility with arbitrary add/search/export behavior. This mismatch is dangerous because users and orchestrators may grant or invoke the skill under the assumption it only performs legal lookups, while it silently persists and exposes unrelated local data operations.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The inline help explicitly brands the tool as a 'Multi-purpose utility tool,' contradicting the advertised labor-law skill. In a security context, misleading documentation increases the chance of inappropriate trust, broader-than-expected use, and accidental exposure of local data because operators cannot accurately judge what the skill really does.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The skill supports adding arbitrary entries, nominal removal actions, and full export of stored content even though none of these capabilities are necessary for a labor-law reference tool. In this context, extra data-management features expand the attack surface and enable storage and disclosure of user-provided data under a misleading, low-risk legal-assistant label.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The skill's description, heading, and opening documentation are internally inconsistent, making it unclear when the skill should be selected or what it will do. Ambiguous activation criteria are risky in agent systems because they can trigger the wrong tool in sensitive workflows, here potentially substituting a local logging utility where a legal-reference skill was expected.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The logging helper persistently records command activity to a history file under the user's data directory without clear disclosure, consent, or retention controls. This can capture sensitive legal queries or arbitrary user-supplied text, creating an avoidable privacy and confidentiality risk, especially because users would reasonably expect a labor-law lookup skill rather than local activity tracking.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The add command writes arbitrary user input to a persistent local database file without warning about where it is stored or how long it remains. Because the skill is presented as a labor-law assistant, users may unknowingly place sensitive employment details into local plaintext storage, which increases confidentiality and compliance risk.

VirusTotal

65/65 vendors flagged this skill as clean.
