Back to skill

Security audit

Loan Qualification Check

Security checks across malware telemetry and agentic risk

Overview

This loan-screening skill is purpose-aligned, but it can send sensitive applicant and batch CSV financial data to an external API without enough disclosure, consent controls, or endpoint safeguards.

Review before installing. Use this only with authorized customer data, configure the API URL to a trusted HTTPS endpoint, understand who operates the backend and how it stores data, and avoid batch uploads unless you have consent and a clear compliance process. The clean VirusTotal/static scan reduces malware concern, but it does not resolve the privacy and endpoint-governance issues.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Tainted flow: 'req' from os.environ.get (line 26, credential/environment) → urllib.request.urlopen (network output)

Critical
Category
Data Flow
Content
req.add_header('X-API-Key', api_key)
    
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.loads(resp.read().decode('utf-8'))
    except urllib.error.HTTPError as e:
        error_body = e.read().decode('utf-8', errors='replace')
Confidence
95% confidence
Finding
with urllib.request.urlopen(req, timeout=30) as resp:

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill declares access to environment variables and instructs execution of a Python script that reads files, writes output files, and calls a backend API, but it does not clearly declare corresponding permissions. This creates a transparency and governance gap: users or platforms may not realize the skill can access secrets and transmit customer financial data externally.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The invocation guidance is broad, covering general customer consultation, product comparison, risk screening, and batch processing without clear boundaries on when the skill should or should not be used. In a financial context, overly broad triggers increase the chance of processing sensitive personal and credit data without adequate consent, validation, or human review.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill instructs users to run a script that sends customer qualification inputs to a backend API, but it does not present an explicit warning that personal and financial information will be shared with an external service. Given the data types involved—name, age, income, city, credit profile, and potentially batch CSV records—this creates a significant privacy and compliance risk.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The manifest description is very broad and lacks clear activation boundaries, which can cause the skill to be invoked for loosely related financial or customer-assessment tasks. In a finance and lending context, overbroad triggering is risky because the skill may process sensitive personal and credit-related information without sufficiently explicit user intent or scoped use.

Missing User Warnings

High
Confidence
93% confidence
Finding
This code packages personally and financially sensitive applicant data and sends it to a backend API without any user-facing notice, consent prompt, or disclosure of where the data is going. In a loan-screening context, these fields are sensitive enough that silent transmission creates privacy, compliance, and unauthorized-sharing risk.

Missing User Warnings

High
Confidence
95% confidence
Finding
Batch mode reads multiple applicant records from CSV and uploads each one to the backend API without an explicit warning that bulk sensitive data will be transmitted externally. This increases blast radius substantially because a single invocation may expose many individuals' financial and personal records.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.