Back to skill

Security audit

客户清单分析

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed customer-list analytics tool, but users should treat its outputs as sensitive customer and business data.

Install only where the Shop API account is authorized for the intended stores and users. Expect customer IDs, visit details, salesperson names, and transaction amounts to enter the agent context or reports, and verify the external local api_client before relying on it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The skill returns the raw `customer_list` containing full customer records even though the skill is described as an analysis/reporting tool. In a customer analytics context, this creates unnecessary exposure of potentially sensitive customer data to downstream consumers, logs, or model outputs, violating data minimization and increasing privacy and compliance risk.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger conditions are broad natural-language examples without clear exclusions, so the skill may activate for loosely related customer or analytics queries. In a system that can query customer lists and export details, over-triggering increases the chance of unnecessary access to customer data and unintended data processing.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explicitly supports querying and exporting customer detail records but does not disclose privacy implications or require user acknowledgement for handling potentially sensitive customer data. This can lead to silent collection, broader exposure, or over-sharing of identifiable business/customer information during normal use.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.