Back to skill

Security audit

laiye-doc-processing

Security checks across malware telemetry and agentic risk

Overview

This is a coherent cloud document-processing skill, but users must trust the external Laiye CLI and understand that selected documents can be sent to Laiye ADP.

Install only if you trust Laiye ADP and the external CLI source. Prefer the npm install path over curl-to-bash or downloaded PowerShell scripts, use a dedicated ADP API key, confirm exact files and folders before batch jobs, avoid uploading regulated or confidential documents without approval, and store exported results in a protected location.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (10)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README instructs users to fetch a remote shell script and pipe it directly into bash, which executes unreviewed code from the network immediately. If the GitHub account, repository, branch, or delivery path is compromised, users could run arbitrary code on their machines with their current privileges.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The Windows installation command downloads a PowerShell script from the internet and executes it locally without any integrity verification or warning. This creates a direct remote-code-execution path for any user following the documentation if the hosted script is modified or intercepted through an upstream compromise.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README explicitly promotes parsing invoices, receipts, orders, and identity documents, which are highly sensitive personal and financial records, but provides no visible privacy, retention, consent, or data-transfer warning. In the context of an AI-agent-invokable cloud document processing skill, this omission increases the risk that users or downstream agents will upload regulated data without understanding confidentiality or compliance implications.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The installation instructions tell users to pipe a remotely fetched shell script directly into bash, which executes unreviewed code from the network immediately. If the hosting source, repository, DNS, transport path, or upstream account is compromised, users can suffer arbitrary code execution on their machines with the privileges of the invoking user.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The Windows instructions download and immediately execute a PowerShell script from a remote GitHub URL without requiring review, signature verification, or checksum validation. This creates the same arbitrary code execution risk as shell piping, and on Windows may also enable persistence, credential theft, or broader host modification if run in a privileged session.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill explicitly instructs agents to upload local files or provide document URLs to a third-party cloud document-processing service, but it does not clearly warn users that the content may contain sensitive personal, financial, HR, or identity-document data and will leave the local environment. In this context, the omission is risky because the advertised use cases include invoices, receipts, orders, and Chinese identity/credential documents, which commonly contain highly sensitive information.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The reference describes parsing and extraction from URLs and document content without prominently warning that files, URLs, or base64 payloads are transmitted to an external service. In a skill that handles invoices, receipts, HR records, and identity documents, this omission increases the risk of users or agents sending sensitive personal or financial data off-platform without informed consent.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation instructs users to pass API keys directly on the command line, including an example with a masked but realistic key in `adp custom-app create --api-key ...`. Command-line secrets are commonly exposed via shell history, process listings, CI logs, and agent transcripts, which can lead to credential leakage. In an agent skill context, this risk is heightened because agents often echo commands and persist execution logs.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The examples encourage sending local documents and file URLs to a remote parsing/extraction service without warning that potentially sensitive financial, HR, identity, or credential documents will leave the local environment. Given the skill explicitly targets invoices, receipts, and Chinese identity documents, this can expose regulated or highly sensitive personal and business data if used without user awareness or approval.

Missing User Warnings

Low
Confidence
78% confidence
Finding
The batch export examples describe writing full extraction results, including document contents and error details, to user-specified directories without warning that sensitive extracted data will be stored on disk. This can create unintended local persistence of PII, financial data, or identity records, especially on shared systems, synced folders, or insecure workstations.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.