Back to skill

Security audit

HUDC Bidding Information Capture

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local bidding-document analyzer, but it can modify the Python environment by auto-installing packages and uses fixed Desktop input/output paths without a clear consent step.

Install only if you are comfortable with it reading tender files from ~/Desktop/sgcc_files and writing a report to ~/Desktop/sgcc_result.xlsx. Run it in a virtual environment or container, preinstall python-docx/openpyxl/pdfplumber yourself, and review the script before using it on sensitive procurement documents.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

os.system() or os exec-family call

High
Category
Dangerous Code Execution
Content
__import__(import_name or pkg)
    except ImportError:
        print(f"  [安装] 正在安装 {pkg} ...")
        os.system(f"pip3 install {pkg} --break-system-packages -q 2>/dev/null")

_ensure("python-docx", "docx")
_ensure("openpyxl")
Confidence
95% confidence
Finding
os.system(f"pip3 install {pkg} --break-system-packages -q 2>/dev/null")

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
Automatically installing Python packages during execution introduces remote code execution risk because package installation runs setup/build logic and pulls code from external sources unrelated to the core task of parsing files. In the context of an agent skill, this is especially dangerous because users may expect passive document analysis, not networked software installation with system-level side effects.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger phrases are broad natural-language requests such as analyzing bid documents or desktop tender files, which can overlap with routine user requests and cause the skill to activate unintentionally. In this skill, unintended activation matters because the documented behavior includes scanning local desktop folders and processing many files, increasing the chance of surprising file access or unintended bulk analysis.

Missing User Warnings

Low
Confidence
81% confidence
Finding
The skill tells the user to edit a local configuration file to change keyword behavior, but it does not clearly warn that this persists on disk and changes future runs of the skill. That can lead to unexpected long-term behavior changes, confusion during later analyses, or accidental weakening/broadening of matching logic if a user modifies the file without understanding the persistence.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The script performs side-effecting actions—installing packages and writing an output file to the user's Desktop—without explicit confirmation. While not inherently malicious, this violates least surprise and can lead to unauthorized environment changes or data placement in contexts where skills are expected to be read-only or sandbox-safe.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.