智能照护排班 (Intelligent Care Scheduling)

Security checks across malware telemetry and agentic risk

Overview

The skill is a legitimate care-scheduling tool, but it needs review because its optional AI mode asks for a third-party API key and can send staff roster details to DashScope without clear skill-level disclosure.

Review before installing if you handle real staff data. Use the local mode by leaving the API key blank unless you are comfortable sending staff names and scheduling rules to DashScope under your own API key. If exporting CSV, treat the file as sensitive because it contains personnel and shift information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
82% confidence
Finding
The skill appears to use file export and outbound network access without declaring those capabilities. That creates a transparency and consent problem: caregivers' names, scheduling details, or operational data could be written to files or sent externally without clear permission boundaries or user awareness. In an elder-care facility context, staff rosters and work patterns are operationally sensitive, so hidden capability use is more concerning than in a toy/demo skill.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The stated behavior is simple conversational scheduling, but the actual behavior reportedly includes sending employee names, dates, and scheduling rules to an external cloud service, collecting a third-party API key, and exporting CSV. This mismatch is dangerous because users are not adequately informed that sensitive workforce data may leave the local environment or that credential handling is involved, increasing the risk of privacy, compliance, and secret-exposure issues. Given the care-facility setting, staffing data may reveal operational patterns and personnel information, making undisclosed exfiltration more serious.

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
The skill sends staff names, scheduling constraints, and generated roster data to an external AI service, which exceeds what users would reasonably expect from a local conversational scheduling tool unless clearly disclosed. This creates privacy and data-governance risk because staffing data may be sensitive operational information and is transmitted off-device to a third party.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The UI requests an external AI API key even though the stated purpose is simply to generate schedules, and there is no clear trust boundary explanation or disclosure of what data will be sent when the key is used. Collecting third-party credentials in-app can mislead users and encourages them to connect the skill to an external service without adequate security context.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
Sensitive staff data and scheduling details are sent to an external AI API without a clear user-facing warning, consent flow, or privacy disclosure. In a care-facility scheduling context, staffing rosters can reveal personnel identities and operational patterns, making undisclosed third-party transmission more serious than in a generic demo app.

VirusTotal

61/61 vendors reported this skill as clean.