
Security audit

泽明订单制作 (Zeming Order Creation)

Security checks across malware telemetry and agentic risk

Overview

This skill hard-codes real-looking customer order and contact details in its own content while claiming to import that data from DingTalk, so it needs review before use.

Do not use this skill as-is for real order processing. Ask the publisher to remove the embedded customer data, replace it with placeholders or an authorized DingTalk lookup, mask sensitive fields by default, and clearly identify what the automatic second skill does before allowing workflow chaining.
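The two controls above that a publisher can actually implement are "mask sensitive fields by default" and "don't embed customer data in the skill". The following is an added example written for this page, not code from the skill or its publisher: a default-on redaction layer for order records, plus a small scan a reviewer can run over a skill's text to catch hard-coded phone numbers and IDs of the kind the finding describes. Field names, the approval-ID format and the sample record are assumptions (constructed placeholders, not data from the skill).

```python
"""Added example for this audit page, not the skill's own code.

Two pieces:
  * redact_order(): masks sensitive fields of an order record by default;
    callers must explicitly list fields they want in cleartext.
  * scan_for_embedded_pii(): finds phone numbers and ID-like tokens that are
    hard-coded in a skill's text instead of fetched from an authorized source.
Field names and ID formats are assumed for the example.
"""
import re
from typing import Any, Dict, List, Optional, Set, Tuple

# Categories the finding calls out: name, address, phone, approval ID,
# payment details. The key names are assumptions for this example.
SENSITIVE_FIELDS = {"customer_name", "address", "phone", "approval_id", "payment"}


def _mask_phone(value: str) -> str:
    """Keep only the last four digits so an operator can still match a record."""
    digits = re.sub(r"\D", "", value)
    if len(digits) < 4:
        return "*" * len(value)
    return "*" * (len(digits) - 4) + digits[-4:]


def _mask_name(value: str) -> str:
    """Keep the first character, mask the rest."""
    return (value[:1] + "*" * (len(value) - 1)) if value else value


def _mask_generic(value: Any) -> str:
    """Mask everything but a two-character prefix (short values fully)."""
    s = str(value)
    return "*" * len(s) if len(s) <= 4 else s[:2] + "*" * (len(s) - 2)


def redact_order(order: Dict[str, Any], reveal: Optional[Set[str]] = None) -> Dict[str, Any]:
    """Return a copy of `order` with sensitive fields masked.

    Masking is the default path. Cleartext requires an explicit `reveal` set,
    so a skill that forgets to opt out never prints raw customer data into an
    agent transcript or shared context.
    """
    reveal = reveal or set()
    out: Dict[str, Any] = {}
    for key, value in order.items():
        if key in SENSITIVE_FIELDS and key not in reveal:
            if key == "phone":
                out[key] = _mask_phone(str(value))
            elif key == "customer_name":
                out[key] = _mask_name(str(value))
            else:
                out[key] = _mask_generic(value)
        else:
            out[key] = value
    return out


# Patterns a reviewer would grep a skill's source for. The mobile pattern
# matches mainland-China style 11-digit numbers (DingTalk context); the ID
# pattern is an assumed "APR-<digits>" approval-ID shape for this example.
PII_PATTERNS = [
    ("cn_mobile", re.compile(r"(?<!\d)1[3-9]\d{9}(?!\d)")),
    ("approval_id", re.compile(r"\bAPR-\d{4,}\b")),
]


def scan_for_embedded_pii(text: str) -> List[Tuple[str, str]]:
    """Return (kind, match) pairs for PII-looking literals embedded in `text`."""
    hits: List[Tuple[str, str]] = []
    for kind, pattern in PII_PATTERNS:
        for m in pattern.finditer(text):
            hits.append((kind, m.group(0)))
    return hits


# Constructed sample record; placeholder values, not real customer data.
SAMPLE_ORDER = {
    "order_id": "ORD-0001",
    "customer_name": "Alice Example",
    "phone": "13800000000",
    "address": "1 Example Road, Example City",
    "approval_id": "APR-12345",
    "items": ["widget x2"],
    "payment": "card ending 4242",
}

# Constructed snippet standing in for a skill that hard-codes customer data
# instead of looking it up.
SAMPLE_SKILL_TEXT = (
    "Import the order from DingTalk.\n"
    "Customer: Alice Example, phone 13800000000, approval APR-12345.\n"
)

if __name__ == "__main__":
    print(redact_order(SAMPLE_ORDER))
    print(redact_order(SAMPLE_ORDER, reveal={"phone"}))
    print(scan_for_embedded_pii(SAMPLE_SKILL_TEXT))
```

The scan is deliberately narrow: it flags literal phone numbers and ID-shaped tokens in the skill text, which is exactly the class of content a malware-oriented static scan (like the one reported below as clean) is not looking for. A skill that passes it should obtain those values from an authorized lookup at run time rather than carrying them in its body.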

SkillSpector

By NVIDIA
Vulnerability patterns checked
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Severity: Medium
Confidence: 97%

Finding
The skill directly prints highly sensitive personal and transaction data, including full name, home address, phone number, approval ID, purchase details, and payment information, without any access control, masking, minimization, or privacy notice. In an agent or shared execution context, this creates a clear risk of unauthorized disclosure, social engineering, fraud, and privacy-law noncompliance.

VirusTotal

66/66 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.