
Security audit

zhuocha

Security checks across malware telemetry and agentic risk

Overview

The skill matches its bid-deduplication purpose, but it needs Review because it can persist internal database decisions and documents a full-table wipe recovery path.

Install or use this only if you are authorized for the internal bidding databases. Treat the helper output as advisory, require human confirmation before any insert, do not run the documented TRUNCATE cleanup without a backup and admin approval, and fix the helper/script mismatch with the documented 5200 data-source workflow before relying on automated judgments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Severity: Medium
Confidence: 91%
Finding: Embedding writeback behavior into a verification skill creates hidden side effects: a task framed as adjudication can directly persist decisions to a backend table. That increases the blast radius of mistakes, prompt misuse, or manipulated inputs because analysis output is immediately converted into durable state.

Context-Inappropriate Capability

Severity: High
Confidence: 99%
Finding: The skill explicitly instructs truncating the entire result table as a recovery path, which is a destructive operation unrelated to minimally necessary duplicate verification. If followed accidentally or under adversarial prompting, it can wipe all stored adjudication results and cause broad data loss and operational disruption.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding: The markdown presents full-table truncation as the practical remediation path without strong warnings, approvals, or safeguards, normalizing a dangerous destructive action. In an agent context, such instructions can be executed too readily, leading to preventable bulk data deletion from routine error handling.

VirusTotal

67/67 vendors flagged this skill as clean.
