Business Rule Engine

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real business rule engine, but it evaluates rule text as Python code without clear warnings or containment.

Install only if all rule definitions and rule authors are trusted. Do not use this with customer-supplied, third-party, or remotely loaded rules until eval is replaced with a restricted parser or allowlisted evaluator and the trust boundary is documented.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

eval() call detected

High
Category
Dangerous Code Execution
Content
# Safe evaluation
try:
    result = eval(expr, {"__builtins__": {}}, {})
    return bool(result)
except:
    return False
Confidence
99% confidence
Finding
result = eval(expr, {"__builtins__": {}}, {})

Intent-Code Divergence

High
Confidence
98% confidence
Finding
This is the same core issue as the eval finding, compounded by misleading 'safe evaluation' comments that may cause reviewers or downstream users to trust dangerous behavior. The implementation performs raw string replacement and then executes the resulting Python expression, which is fragile and can be abused via crafted rule text or variable names/values.

Known Vulnerable Dependency: pytest — 1 advisory: CVE-2025-71176 (pytest has vulnerable tmpdir handling)

Low
Category
Supply Chain
Confidence
78% confidence
Finding
pytest

VirusTotal

59/59 vendors flagged this skill as clean.
