Security audit

社保公积金基数与比例查询 (Social Insurance and Housing Fund Base and Contribution Rate Query)

Security checks across malware telemetry and agentic risk

Overview

This skill is low-risk for system access, but it overclaims official nationwide, current policy data while the code only returns static mock data for three cities.

Install only if you treat it as a demo or placeholder. Do not rely on its results for payroll, benefits, legal, or compliance decisions unless the publisher replaces the mock data with verified official sources, shows effective dates and coverage, and clearly documents cache and update behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill declares no permissions while its documented behavior and detected capabilities include local file reads/writes and network access. This undermines user and platform trust because the skill can persist data and reach external resources without transparent permission disclosure, increasing the chance of unexpected data retention or network activity.

Tp4

High
Category
MCP Tool Poisoning
Confidence
98% confidence
Finding
The skill description materially overstates coverage and freshness, while the implementation reportedly only contains hardcoded data for a few cities and does not truly fetch the latest nationwide policy information. This is dangerous because users may rely on inaccurate or stale social security and housing fund figures for payroll, compliance, or benefits decisions, leading to financial and regulatory harm.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The skill advertises retrieval of the latest nationwide social insurance and housing fund data with automatic updates, but the implementation only returns a small hard-coded mock dataset and never contacts a real source. This creates an integrity and trust problem: users may rely on stale or incomplete regulatory/financial data for payroll or compliance decisions, causing operational or legal harm even though it is not a classic code-execution issue.

Intent-Code Divergence

Low
Confidence
91% confidence
Finding
The code comments and behavior imply that the cache is refreshed to keep data current, but it simply re-saves the same static mock dataset. This can mislead operators into believing freshness guarantees exist when the cache only preserves outdated placeholder content.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill states that query results are automatically saved to a local cache but does not clearly disclose to users that their requested locations and retrieved policy data will be written to disk. Even if the data is not highly sensitive, silent persistence creates a privacy and transparency issue and can leave behind recoverable usage history on shared or managed systems.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill advertises automatic monthly full-network updates without clearly warning users that it may perform ongoing autonomous outbound connections. Unannounced background network activity can violate user expectations, create compliance concerns in restricted environments, and increase exposure to external content or telemetry risks.

VirusTotal

66/66 vendors flagged this skill as clean.