Back to skill

Security audit

Loan Telemarketing Script

Security checks across malware telemetry and agentic risk

Overview

The skill is a loan-sales script generator, but its network credentials and data destination are under-disclosed and inconsistent with its own documentation.

Review before installing. Only use this with a trusted LOAN_CHECK_API_URL, avoid entering personal or regulated customer data unless you understand the backend's privacy terms, and verify the generated loan-sales scripts for local telemarketing and financial-services compliance. Be aware that -o can overwrite files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Tainted flow: 'req' from os.environ.get (line 73, credential/environment) → urllib.request.urlopen (network output)

Critical
Category
Data Flow
Content
req.add_header("X-User-Key", USER_KEY)

    try:
        with urllib.request.urlopen(req, timeout=60) as resp:
            return json.loads(resp.read().decode("utf-8"))
    except urllib.error.HTTPError as e:
        error_body = e.read().decode("utf-8", errors="replace")
Confidence
90% confidence
Finding
with urllib.request.urlopen(req, timeout=60) as resp:

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill declares requirements for an API key, network access via a remote LLM, and file output, but does not explicitly declare permissions or provide clear user-facing disclosure about these capabilities. This creates a transparency and consent problem: users may supply sensitive customer profiling or loan-related data without understanding that it will be written to disk and transmitted to an external service.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The skill encourages saving generated output to arbitrary file paths but does not warn about overwriting existing files, writing sensitive customer-targeting content to disk, or choosing safe destinations. In practice this can lead to accidental data exposure or destruction of local files when operators use output paths carelessly.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill requires a DeepSeek API key and instructs users to send loan-product and customer-profile inputs to a remote model, but it does not clearly disclose that this information will leave the local environment. Because the inputs may include sensitive marketing strategies or customer segmentation data, lack of network-transmission notice creates privacy, confidentiality, and compliance risk.

Natural-Language Policy Violations

Medium
Confidence
89% confidence
Finding
The file hardcodes a specific Chinese informal sales register (for example repeated use of '哥', aggressive telemarketing framing, and prescribed objection-handling scripts) without any indication that the user can choose tone, language, or compliance-safe alternatives. In an agent skill, forcing this register can cause the model to generate manipulative or unsuitable outreach content for the wrong audience, jurisdiction, or business context, increasing reputational, legal, and policy risk.

Missing User Warnings

Medium
Confidence
80% confidence
Finding
The tool transmits potentially sensitive customer profiling data such as customer type, pain points, and product context to a remote API without any explicit privacy warning or consent mechanism. In a loan telemarketing context, this can involve financial-needs data and sales profiling, making silent transmission more privacy-sensitive than a generic text generator.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.