Jf Open Pro Ai Joblover

Security checks across malware telemetry and agentic risk

Overview

This skill is for a disclosed employee-monitoring API, but it handles sensitive credentials and surveillance controls in ways users should review carefully before installing.

Install only if you are authorized to monitor the relevant workplace devices and employees, and confirm your legal/privacy obligations before use. Treat the JF app secret, authorization token, device serial number, signatures, and alarm media as sensitive; avoid verbose/debug output in shared logs, do not paste real secrets into shell history, and rotate any credentials resembling the hardcoded examples if they are real.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
83% confidence
Finding
The skill documentation demonstrates network and shell execution capabilities via Python and curl examples, but it does not declare corresponding permissions. This creates a transparency and governance gap: users or platforms may approve the skill without understanding that it can invoke external APIs and run shell commands with sensitive credentials.

Tp4

High
Category
MCP Tool Poisoning
Confidence
88% confidence
Finding
The stated purpose emphasizes monitoring and notifications, but the documented behavior also includes configuration changes such as enabling/disabling the service and adding/removing duty plans. This mismatch can mislead operators about the skill’s authority, increasing the chance of unsafe use that alters monitoring coverage or disables protections unintentionally.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill is explicitly designed for employee monitoring, abnormal behavior detection, alarm review, and behavior statistics, yet it provides no privacy, consent, retention, or lawful-use warning. In a workplace-surveillance context, omission of these safeguards increases the risk of misuse, non-compliant monitoring, and exposure of sensitive employee behavioral data.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The documentation exposes service-switching and plan-deletion operations without clearly warning that these actions can reduce monitoring coverage or remove configured inspection schedules. In a safety or compliance setting, accidental or casual use of such operations could create blind spots and undermine operational oversight.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script accepts sensitive values such as appkey, secret, and Authorization token via command-line arguments, which are commonly exposed through shell history, process listings, audit logs, and job runner metadata. In this skill’s context, those credentials are then used to access a remote security-monitoring API, so leakage could allow unauthorized querying of alarm data or broader API misuse depending on token scope.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
Verbose mode prints a complete reproducible curl command containing live `Authorization`, `appKey`, `uuid`, `timeMillis`, and `signature` values. In agent or shared logging environments, these secrets can be captured from stdout, logs, chat transcripts, or job artifacts and then reused to query the API or perform privileged state changes.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The executable test block contains what appears to be a real application secret and key material in plaintext. If this file is committed to source control, shared with users, or packaged with the skill, an attacker could reuse the credentials to generate valid signatures and impersonate the client when calling the upstream platform API.

External Transmission

Medium
Category
Data Exfiltration
Content
--movecard 7
```

### 1.1 Complete curl example (for debugging)

```bash
# Generate the signature (using jf_signature.py)
Confidence
87% confidence
Finding
curl example (for debugging) ```bash # Generate the signature (using jf_signature.py) python3 -c "from jf_signature import generate_signature; t,s=generate_signature('<your-uuid>','<your-appkey>','<your-secret>',7); echo timeMillis=\$t;

VirusTotal

65/65 vendors flagged this skill as clean.
