Back to skill

Security audit

CNInfo Reports

Security checks across malware telemetry and agentic risk

Overview

This skill is a user-run CNInfo report downloader whose file, network, and local state behavior matches its stated purpose, with a few setup and scoping cautions.

Install in a virtual environment, pass an explicit `--stock-csv`, `--output-dir`, and `--runtime-dir`, and run `--dry-run` first. Only use CSV contents you are comfortable sending to CNInfo, and treat the reset command as deleting local progress state.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill instructs the agent to run Python code that reads local CSV files, writes output and state to disk, and performs network requests, but the skill metadata declares no permissions or equivalent capability disclosure. This creates a trust and review gap: users or platforms may authorize the skill under false assumptions, increasing the chance of unintended data access, external communication, or file modification.

Context-Inappropriate Capability

Low
Confidence
91% confidence
Finding
The fallback logic scans the entire current working tree with Path.cwd().rglob("上市公司基础信息.csv") when the configured CSV path does not exist. That broadens file-system access beyond the user-specified input and can cause the service to pick up an unintended file from unrelated directories, creating a confidentiality and integrity risk through surprising data selection and unnecessary traversal of the workspace.

Missing User Warnings

Low
Confidence
80% confidence
Finding
The reset section tells the user to delete SQLite state files directly but does not warn that this will erase resume/progress state and may cause reprocessing or redownload behavior. While narrowly scoped to the runtime directory, it still encourages destructive action without clearly stating the operational consequences.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.