Back to skill

Security audit

Ifc Qto Extraction

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate BIM quantity-takeoff skill, but its automation example exposes local command execution and file writing to webhook-supplied paths without clear safeguards.

Review before installing or using in automation. Use only trusted BIM files and trusted converter binaries, keep outputs in a dedicated project directory, and do not expose the n8n webhook to untrusted callers unless model_path and output_path are strictly validated, constrained to approved directories, and protected against overwrites.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The n8n workflow executes a local exporter binary using a webhook-supplied model path, which exposes command-execution functionality to remote callers without any visible validation, authentication, or path restrictions. Even if the executable path itself is fixed, attacker-controlled arguments can be used to process unexpected files, access sensitive locations, or trigger dangerous behavior in the external tool, making this broader and riskier than simple QTO extraction.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The workflow writes a report to a caller-controlled output path, creating an arbitrary file write primitive. An attacker could overwrite application files, drop content into sensitive or served directories, or abuse network/share paths depending on the runtime environment and service permissions.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The instructions direct the skill to export Excel or CSV files but do not require explicit user confirmation, a chosen output path, or warnings about overwriting existing files. In a filesystem-enabled agent, this can lead to unintended file creation or replacement, especially if default paths are used or the agent infers a destination without clear user approval.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal