胡田 OPC Mentor Competition Standardized Scoring

Security checks across malware telemetry and agentic risk

Overview

This skill is a competition scoring tool, but it needs review because it mixes local scoring with broad online background checks and a placeholder batch script that does not actually read submitted documents.

Review before installing or using on real submissions. Use it only with explicit consent for the external checks, with human review of any background or legal-risk findings, and with a corrected batch script that parses the actual PPT/PDF/Word content or fails closed, rather than producing scores from placeholder text.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
82% confidence
Finding
The skill documents multiple output artifacts such as `.md`, `.xlsx`, and `.html` files, which implies file-write capability, but the manifest does not declare permissions. Undeclared write behavior weakens user consent and runtime policy enforcement, increasing the chance of unexpected file creation or overwriting in the user's workspace.

Tp4

High
Category
MCP Tool Poisoning
Confidence
88% confidence
Finding
The skill is presented as a standardized scoring tool, but the documented behavior expands into deception detection, consistency auditing, ranking, and background investigation. This mismatch can cause users to provide sensitive business and personal data under a narrower expectation than the actual processing performed, undermining informed consent and increasing privacy/compliance risk.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The skill expands from document scoring into broad online verification of companies, patents, qualifications, founder history, and risk records. That materially changes the data-processing scope and can trigger privacy, legal, and reputational harms if users or subjects are not clearly informed and the checks are not strictly necessary.

Context-Inappropriate Capability

High
Confidence
93% confidence
Finding
Founder identity, education, employment, and litigation-related verification involves sensitive personal information and can expose individuals to unfair profiling, false inference, or compliance violations. For a scoring skill, this is especially risky because it may influence decisions using external personal data beyond what the founder knowingly submitted in the competition materials.

Context-Inappropriate Capability

Medium
Confidence
87% confidence
Finding
Querying litigation, enforcement, administrative penalties, and similar risk-intelligence sources goes beyond simple document evaluation and can create reputational and fairness issues, especially if results are stale, incomplete, or context-free. In a competition setting, such data may improperly bias scoring or lead to adverse actions without due process.

Intent-Code Divergence

High
Confidence
96% confidence
Finding
The documentation says documents are processed locally and not uploaded externally, yet later sections describe extensive online verification against third-party sites and services. This contradiction is dangerous because it can mislead users about where data goes, defeating informed consent and creating significant privacy and compliance exposure.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The code claims it should parse each document, but `process_file` ignores the actual file contents and scores a hardcoded string instead. In a judging/scoring skill, this is dangerous because it silently produces fabricated results that users may trust as real evaluations, undermining fairness and decision-making.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The skill advertises batch standardized scoring of business plans, but the processing path never reads or analyzes the submitted documents and instead assigns scores from fixed sample text. In the context of competition judging, this is especially dangerous because it can mislead evaluators into making rankings and awards based on non-existent analysis, causing integrity and trust failures.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill describes extensive external verification and background checks but does not clearly warn users that project and founder information may be queried against third-party services. This lack of prominent disclosure creates a privacy and transparency failure, especially given the competitive and potentially sensitive nature of the submitted documents.

VirusTotal

66/66 vendors flagged this skill as clean.
