Security audit

commercial-market-report

Security checks across malware telemetry and agentic risk

Overview

This looks like a legitimate market-report generator, but it needs review because it can use local API keys, browser context, and external searches without clear consent or tight scoping.

Install only if you are comfortable with the agent using local search/API keys, sending project and location terms to external services, and operating a browser-based research workflow. Use a dedicated browser profile and controlled output folder, and verify all financial and market figures before relying on the generated reports.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill directs the agent to read secrets from the local environment and generate files, but it does not declare those capabilities up front. Undeclared access to env and file-write expands the trust boundary invisibly and can surprise users or hosting platforms, increasing the risk of secret exposure or unintended local file creation.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The skill explicitly instructs reading `TAVILY_API_KEY` from `~/.openclaw/.env`, which is a local secrets store. Even if intended for legitimate API use, teaching a skill to pull credentials from a user's filesystem creates a direct secret-access path that is broader than necessary for report generation and can be repurposed to exfiltrate sensitive data.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The trigger phrases include broad terms such as '生成报告' ("generate report") that can match many ordinary requests unrelated to this specialized workflow. Over-broad invocation can cause the skill to activate unexpectedly, leading to unwanted web searches, data collection, and file generation without clear user intent.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The workflow immediately instructs use of external services such as Amap, Tavily, Xiaohongshu, and Sogou/WeChat content, but the description does not clearly warn users that third-party services will receive project/location queries. Lack of disclosure weakens informed consent and can leak sensitive business context, project locations, or research interests to outside providers.

External Transmission

Medium
Category
Data Exfiltration
Content
Call:
```bash
curl -X POST https://api.tavily.com/search \
  -H "Authorization: Bearer <TAVILY_API_KEY>" \
  -H "Content-Type: application/json" \
  -d '{"query":"{城市} {区县} 商业市场 最新","max_results":5}'
```
Confidence
94% confidence
Finding
curl -X POST https://api.tavily.com/search \ -H "Authorization: Bearer <TAVILY_API_KEY>" \ -H "Content-Type: application/json" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
Call:
```bash
curl -X POST https://api.tavily.com/search \
  -H "Authorization: Bearer <TAVILY_API_KEY>" \
  -H "Content-Type: application/json" \
  -d '{"query":"{城市} {区县} 商业市场 最新","max_results":5}'
```
Confidence
94% confidence
Finding
https://api.tavily.com/

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.