Back to skill

Security audit

Audit Case Rag

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local audit-document search tool; its main risks are normal local document-processing and dependency-management risks, not hidden or malicious behavior.

Install only in an isolated virtual environment, index only case folders you intend to process, and keep the output directory private because the manifest, converted PDFs, and joblib index can contain sensitive audit text. Consider pre-provisioning embedding model files for offline use, pinning dependencies with a lockfile, and sandboxing LibreOffice/PDF parsing for untrusted documents.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (11)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill instructs users to create a virtual environment, install dependencies, and run a Python script that writes manifests and persistent index files, while no explicit permission model is declared. That mismatch is a real security concern because a user or host may assume the skill is documentation-only, yet it performs filesystem writes and shell-oriented operations, increasing the chance of unintended execution with local file access.

Description-Behavior Mismatch

Medium
Confidence
84% confidence
Finding
The script claims to be local-first, but TextEmbedding(model_name=...) may trigger model download or external asset initialization if the model is not already present. In an audit/investigation workflow, that can unexpectedly disclose environment metadata or cause sensitive operational use to depend on network access outside the documented behavior.

Unpinned Dependencies

Low
Category
Supply Chain
Content
# Local-first audit/investigation RAG (no cloud APIs)
fastembed>=0.3.0
scikit-learn>=1.5.0
pypdf>=4.2.0
pandas>=2.2.0
Confidence
88% confidence
Finding
fastembed>=0.3.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
# Local-first audit/investigation RAG (no cloud APIs)
fastembed>=0.3.0
scikit-learn>=1.5.0
pypdf>=4.2.0
pandas>=2.2.0
openpyxl>=3.1.2
Confidence
88% confidence
Finding
scikit-learn>=1.5.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
# Local-first audit/investigation RAG (no cloud APIs)
fastembed>=0.3.0
scikit-learn>=1.5.0
pypdf>=4.2.0
pandas>=2.2.0
openpyxl>=3.1.2
pyyaml>=6.0.1
Confidence
93% confidence
Finding
pypdf>=4.2.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
fastembed>=0.3.0
scikit-learn>=1.5.0
pypdf>=4.2.0
pandas>=2.2.0
openpyxl>=3.1.2
pyyaml>=6.0.1
joblib>=1.3.0
Confidence
86% confidence
Finding
pandas>=2.2.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
scikit-learn>=1.5.0
pypdf>=4.2.0
pandas>=2.2.0
openpyxl>=3.1.2
pyyaml>=6.0.1
joblib>=1.3.0
numpy>=1.26.0
Confidence
86% confidence
Finding
openpyxl>=3.1.2

Unpinned Dependencies

Low
Category
Supply Chain
Content
pypdf>=4.2.0
pandas>=2.2.0
openpyxl>=3.1.2
pyyaml>=6.0.1
joblib>=1.3.0
numpy>=1.26.0
Confidence
90% confidence
Finding
pyyaml>=6.0.1

Unpinned Dependencies

Low
Category
Supply Chain
Content
pandas>=2.2.0
openpyxl>=3.1.2
pyyaml>=6.0.1
joblib>=1.3.0
numpy>=1.26.0
Confidence
84% confidence
Finding
joblib>=1.3.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
openpyxl>=3.1.2
pyyaml>=6.0.1
joblib>=1.3.0
numpy>=1.26.0
Confidence
84% confidence
Finding
numpy>=1.26.0

Known Vulnerable Dependency: pypdf==4.2.0 — 10 advisory(ies): CVE-2026-48156 (pypdf: Possible long runtimes for zero-only width values in cross-reference stre); CVE-2026-24688 (pypdf has possible Infinite Loop when processing outlines/bookmarks); CVE-2026-27628 (pypdf has a possible infinite loop when loading circular /Prev entries in cross-) +7 more

Low
Category
Supply Chain
Confidence
97% confidence
Finding
pypdf==4.2.0

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.