
Security audit

Fundreport Scrape

Security checks across malware telemetry and agentic risk

Overview

The skill’s PDF-to-Excel purpose is coherent, but it needs review because it can process broad local folders, write/send generated financial spreadsheets, and includes unsafe ZIP handling and loose auto-start instructions.

Install only after reviewing the scripts and run them on a narrow, trusted folder. Avoid ZIP inputs unless the archive is trusted, confirm the exact PDFs and Excel destination before processing, and prefer a virtual environment or manual dependency setup instead of running the installer blindly with sudo/root.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill documentation instructs users to run local scripts over arbitrary filesystem paths and process local Excel/PDF inputs, which implies file-read capability, but the skill does not declare corresponding permissions. This creates a transparency and trust problem: users and tooling cannot accurately assess what local data the skill accesses, increasing the risk of unintended exposure of sensitive documents if the implementation reads more than expected.

Intent-Code Divergence

Low
Confidence
98% confidence
Finding
The script installs `pdf2image`, `Pillow`, and `opencv-python-headless`, but its verification step imports `pytesseract`, which it never installs, and does not explicitly verify `Pillow`. This creates a misleading success signal: operators may believe OCR dependencies are fully installed when the actual OCR Python binding is missing, causing runtime failure or incomplete processing later.

Ssd 3

Medium
Confidence
92% confidence
Finding
The example workflow explicitly encourages the agent to echo a user-supplied folder path and enumerate discovered files and counts from that directory. This can expose sensitive local filesystem structure, filenames, and document inventory in the model's response, which is unnecessary for the core task and increases privacy and data-leakage risk if logs, screenshots, or downstream tools capture the output.

Ssd 3

Medium
Confidence
88% confidence
Finding
The skill directs the AI to send generated Excel outputs derived from all scanned files in the folder, effectively bundling and transmitting data aggregated from every discovered PDF. In a batch-processing context, this broad export can cause over-collection and unintended disclosure of sensitive financial report contents, especially if the folder contains more documents than the user intended to share.

VirusTotal

66/66 vendors flagged this skill as clean.
