Back to skill

Security audit

蒋道理|撤三证据链与风险审核引擎(SJ-IRAC)

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real local legal document tool, but it has unsafe file-handling and local web UI controls that should be reviewed before installation.

Install only in a dedicated environment and use trusted case files. Keep the Web UI bound to 127.0.0.1, avoid exposing the desktop/web server to a network, pin/review dependencies before production use, and only use --organize-dir with a disposable output folder.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (16)

Context-Inappropriate Capability

Medium
Confidence
87% confidence
Finding
The skill executes multiple external binaries (pdftoppm, tesseract, soffice) and later launches a separate Python generator from a user-supplied --generator path. In an agent setting, this expands the trust boundary significantly: a caller can cause execution of unexpected local programs or malicious helper scripts, which is dangerous even though the purpose appears operational rather than overtly malicious.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
organize_evidence_package clears every file and subdirectory under a caller-controlled target_dir before repopulating it. Because --organize-dir is externally supplied and there is no safety boundary check against sensitive paths, misuse could wipe arbitrary directories accessible to the process.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The code deliberately strips or suppresses unfavorable evidence wording such as “时间不明” from submission-facing output. In a legal-evidence automation context, this is dangerous because it can materially misrepresent evidentiary weakness to downstream reviewers, creating deceptive output rather than a neutral transformation.

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The code removes internal-risk and submission-warning language from outward-facing documents while still generating persuasive output. In this skill’s context—automating legal defense materials—suppressing risk disclosures increases the chance that weak, incomplete, or misleading evidence narratives are presented as stronger than they are.

Unpinned Dependencies

Low
Category
Supply Chain
Content
pandas
openpyxl
python-docx
pypdf
Confidence
97% confidence
Finding
pandas

Unpinned Dependencies

Low
Category
Supply Chain
Content
pandas
openpyxl
python-docx
pypdf
PyMuPDF
Confidence
97% confidence
Finding
openpyxl

Unpinned Dependencies

Low
Category
Supply Chain
Content
pandas
openpyxl
python-docx
pypdf
PyMuPDF
PyYAML
Confidence
97% confidence
Finding
python-docx

Unpinned Dependencies

Low
Category
Supply Chain
Content
pandas
openpyxl
python-docx
pypdf
PyMuPDF
PyYAML
Confidence
97% confidence
Finding
pypdf

Unpinned Dependencies

Low
Category
Supply Chain
Content
openpyxl
python-docx
pypdf
PyMuPDF
PyYAML
Confidence
97% confidence
Finding
PyMuPDF

Unpinned Dependencies

Low
Category
Supply Chain
Content
python-docx
pypdf
PyMuPDF
PyYAML
Confidence
99% confidence
Finding
PyYAML

Known Vulnerable Dependency: openpyxl — 2 advisory(ies): CVE-2017-5992 (Improper Restriction of XML External Entity Reference in Openpyxl); CVE-2017-5992 (Openpyxl 2.4.1 resolves external entities by default, which allows remote attack)

High
Category
Supply Chain
Confidence
80% confidence
Finding
openpyxl

Known Vulnerable Dependency: python-docx — 2 advisory(ies): CVE-2016-5851 (Improper Restriction of XML External Entity Reference in python-docx); CVE-2016-5851 (python-docx before 0.8.6 allows context-dependent attackers to conduct XML Exter)

High
Category
Supply Chain
Confidence
82% confidence
Finding
python-docx

Known Vulnerable Dependency: pypdf — 10 advisory(ies): CVE-2026-48156 (pypdf: Possible long runtimes for zero-only width values in cross-reference stre); CVE-2026-24688 (pypdf has possible Infinite Loop when processing outlines/bookmarks); CVE-2026-27628 (pypdf has a possible infinite loop when loading circular /Prev entries in cross-) +7 more

Low
Category
Supply Chain
Confidence
76% confidence
Finding
pypdf

Known Vulnerable Dependency: PyYAML — 8 advisory(ies): CVE-2019-20477 (Deserialization of Untrusted Data in PyYAML); CVE-2020-1747 (Improper Input Validation in PyYAML); CVE-2020-14343 (Improper Input Validation in PyYAML) +5 more

Critical
Category
Supply Chain
Confidence
91% confidence
Finding
PyYAML

Unsafe Defaults

Medium
Category
Tool Misuse
Content
UI_CONFIRM_RETURN_CODE = 5
DEFAULT_OUTPUT_FORMATS = "docx"
WEBUI_AUTH_TOKEN = ""
WEBUI_REQUIRE_AUTH = False
WEBUI_RUN_ID = f"webui_{uuid.uuid4().hex[:8]}"
WEBUI_LOGGER = setup_logger(__name__, log_dir=(BASE_DIR / "logs"))
Confidence
94% confidence
Finding
AUTH = False

Unsafe Defaults

Medium
Category
Tool Misuse
Content
UI_CONFIRM_RETURN_CODE = 5
DEFAULT_OUTPUT_FORMATS = "docx"
WEBUI_AUTH_TOKEN = ""
WEBUI_REQUIRE_AUTH = False
WEBUI_RUN_ID = f"webui_{uuid.uuid4().hex[:8]}"
WEBUI_LOGGER = setup_logger(__name__, log_dir=(BASE_DIR / "logs"))
Confidence
94% confidence
Finding
REQUIRE_AUTH = False

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.