Security audit

QC Data Processor

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed QC data analysis MCP server. The audit found no evidence of hidden exfiltration or destructive behavior, but the server should only be used with trusted local data files and controlled dependencies.

Install only in an environment where the MCP server can access the QC files you intend to analyze. Avoid pointing it at sensitive unrelated files, and prefer pinning or locking dependencies to reviewed versions before production use.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Vague Triggers

Severity: Medium
Confidence: 87%
Finding: The trigger keyword list includes broad, common terms such as "日报", "周报", and "客诉" (daily report, weekly report, customer complaint), which can match routine business conversations unrelated to SPC or reliability analysis. This increases the chance of unintended skill activation, causing the agent to route user requests to this skill inappropriately, which can expose local file-processing behavior or produce misleading analysis in the wrong context.

Missing User Warnings

Severity: Low
Confidence: 93%
Finding: The function trusts `_file_path` from `data_schema` and opens it directly with `pd.read_csv`/`pd.read_excel` without validation, path restriction, or user disclosure. In an MCP/server context this can become an arbitrary local file read: a caller who can influence `data_schema` can read unintended files on the host.

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content:
mcp>=1.0.0
pandas>=2.0.0
openpyxl>=3.0.0
numpy>=1.24.0
Confidence: 90%
Finding: mcp>=1.0.0

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content:
mcp>=1.0.0
pandas>=2.0.0
openpyxl>=3.0.0
numpy>=1.24.0
scipy>=1.10.0
Confidence: 87%
Finding: pandas>=2.0.0

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content:
mcp>=1.0.0
pandas>=2.0.0
openpyxl>=3.0.0
numpy>=1.24.0
scipy>=1.10.0
reliability>=0.8.0
Confidence: 87%
Finding: openpyxl>=3.0.0

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content:
mcp>=1.0.0
pandas>=2.0.0
openpyxl>=3.0.0
numpy>=1.24.0
scipy>=1.10.0
reliability>=0.8.0
Confidence: 86%
Finding: numpy>=1.24.0

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content:
pandas>=2.0.0
openpyxl>=3.0.0
numpy>=1.24.0
scipy>=1.10.0
reliability>=0.8.0
Confidence: 86%
Finding: scipy>=1.10.0

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content:
openpyxl>=3.0.0
numpy>=1.24.0
scipy>=1.10.0
reliability>=0.8.0
Confidence: 86%
Finding: reliability>=0.8.0

Known Vulnerable Dependency: mcp==1.0.0 — 3 advisory(ies): CVE-2025-53366 (MCP Python SDK vulnerability in the FastMCP Server causes validation error, lead); CVE-2025-66416 (Model Context Protocol (MCP) Python SDK does not enable DNS rebinding protection); CVE-2025-53365 (MCP Python SDK has Unhandled Exception in Streamable HTTP Transport, Leading to )

Severity: High
Category: Supply Chain
Confidence: 98%
Finding: mcp==1.0.0

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.