邮储银行易企收

Security checks across malware telemetry and agentic risk

Overview

This skill is a visible browser-navigation helper for a payment portal, with sensitive context but no evidence of hidden code, credential capture, persistence, or automatic financial changes.

Install only if you expect a skill that opens 易企收/PSBC payment-management pages. Before logging in or performing uploads, refunds, blacklist changes, or other business actions, verify the openpayment.psbc.cn domain and make sure the action is explicitly intended and authorized.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 90%
Finding
The skill registers on broad natural-language phrases like “打开易企收”, “了解缴费功能”, and “查看缴费模板”, which can match exploratory or ambiguous user requests and trigger browser automation without sufficiently explicit consent. In the context of a banking/payment-related service, unintended invocation is more sensitive because it can open financial portals or steer users toward operational workflows they did not clearly request.

Missing User Warnings

Medium
Confidence: 86%
Finding
The skill automatically opens external payment-related URLs but does not prominently warn users that it may navigate to banking/payment domains. This is risky because users may be redirected to sensitive financial sites unexpectedly, increasing the chance of confusion, consent bypass, or unsafe interaction with production login pages.

VirusTotal

66/66 vendors flagged this skill as clean.
