Back to skill

Security audit

广州日报/融媒云通用测试助手

Security checks across malware telemetry and agentic risk

Overview

This is a coherent QA testing helper, but it can send live test traffic and may auto-install a Python dependency if requests is missing.

Install this only for authorized QA work. Preinstall requests in a controlled environment if you want to avoid automatic pip changes, treat tokens and headers as sensitive, and do not run security, performance, POST, PUT, or DELETE tests against production or third-party systems without explicit permission.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
Findings (8)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
"""检查依赖"""
    if not HAS_REQUESTS:
        print("⚠️ 缺少 requests 库,正在安装...")
        subprocess.run([sys.executable, "-m", "pip", "install", "requests", "-q"], check=True)
        global HAS_REQUESTS
        HAS_REQUESTS = True
        print("✅ requests 安装完成\n")
Confidence
94% confidence
Finding
subprocess.run([sys.executable, "-m", "pip", "install", "requests", "-q"], check=True)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill instructs use of local scripts that read reference files, generate outputs, and perform networked API/H5 checks, but it declares no permissions or user-consent boundaries. This creates a mismatch between apparent capability and declared trust surface, making it easier for the skill to access files, invoke shell-backed tooling, and send requests without explicit policy controls.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
Automatically installing Python packages is outside the core purpose of an API test runner and causes side effects on the executing environment. In a skill ecosystem, this broadens the trust boundary from HTTP testing to software installation, which can be abused or cause operational and supply-chain risk.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The script automatically invokes pip to install requests at runtime, which modifies the host environment and executes package-installation logic without explicit user consent. In an agent/skill context, this is risky because simply running a URL checker can trigger unexpected system changes, dependency confusion exposure, or failure modes in restricted environments.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger list includes generic terms such as “测试”, “test”, “测试报告”, and “Bug单”, which are common in ordinary conversations and can cause accidental invocation outside the intended Guangzhou media testing context. Unintended activation is risky here because the skill can lead to file reads and networked test actions, potentially causing unexpected data handling or requests.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill maps user input like “测试这个接口 [URL]” directly to running an API test script, but it does not clearly warn the user that this will send live network requests to the supplied endpoint. In a testing skill, this is especially dangerous because users may provide production or third-party URLs, leading to unintended traffic, state changes, or policy violations despite the brief note discouraging production writes.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script performs package installation via subprocess without prominent warning that execution will modify the environment. This is dangerous because users may believe they are only sending test requests, while the tool also changes local state and executes installer code, increasing the blast radius of running the skill.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The code runs a pip install subprocess without a strong user-facing warning or opt-in, so executing the tool can unexpectedly alter the system. This is especially unsafe for a testing helper skill, where users would not reasonably expect package installation side effects from a simple link availability check.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.