Business License Recognition and Extraction (ADP)

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill appears to be a real cloud document-processing tool, but its documented powers are much broader than business-license extraction and include uploading arbitrary files plus managing remote apps.

Review this before installing. Use it only if you intend to use Laiye ADP as a cloud document-processing service, not just a narrow local business-license parser. Do not point it at folders or confidential records unless your policy allows upload to that third party, and prefer restricted credentials or a dedicated app/account.

Publisher note

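This skill is an enterprise-grade application from Laiye Technology. It only invokes designated internal CLI commands in a secure manner to perform document extraction tasks, with no outbound network transmission, no unauthorized file access, and no additional risky behavior.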

SkillSpector (10)

By NVIDIA

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The README describes a broad, general-purpose ADP CLI with parsing, extraction, batch processing, async jobs, and application management, which materially exceeds the manifest’s stated purpose of Chinese business-license recognition and extraction. This scope mismatch is dangerous because an agent or user may grant the skill much broader document-processing authority than expected, increasing the attack surface and enabling unintended handling of arbitrary files and workflows.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The README advertises generic remote URL, local file, directory, and base64 processing beyond business-license extraction, allowing the skill to act on arbitrary inputs rather than a narrowly scoped document type. In the context of an agent skill, this broad input surface can be abused to fetch or transmit unrelated sensitive documents and makes the skill more powerful than its metadata suggests.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
Documented application lifecycle management capabilities such as creating, updating, and deleting custom apps are unrelated to business-license recognition and significantly expand what the skill can do. This is risky because it enables persistent configuration changes and broader platform control that are unnecessary for the advertised task, violating least privilege.

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The README documents a general-purpose cloud document-processing CLI with broad parsing, extraction, async task handling, and app management features that materially exceed the declared scope of a business-license-only skill. This scope mismatch is dangerous because an agent or user may invoke powerful unintended capabilities on arbitrary documents and URLs, causing unauthorized data handling and expansion of the skill's effective permissions.

Context-Inappropriate Capability

High
Confidence
93% confidence
Finding
Documenting create/update/delete operations for custom extraction applications is unjustified for a skill advertised as fixed-function business-license extraction. These management operations can alter remote service behavior and expand processing scope, enabling misuse beyond the user's expected task and increasing the blast radius of agent autonomy.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The README promotes processing arbitrary document types and remote URLs, which is broader than the stated business-license-specific purpose. In skill context, this makes the issue more dangerous because users may reasonably trust the skill with narrow data handling, while the documented commands support exfiltration or processing of unrelated content through a public cloud backend.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README promotes remote URL processing and cloud-based extraction without clearly warning that document contents or fetched remote files will be transmitted to an external service. Users may unknowingly process confidential business records through a third-party cloud endpoint, creating privacy, compliance, and data-governance risk.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README documents processing of local files, directories, and base64 content without a clear warning that sensitive data may leave the local environment and be uploaded to the service. In a skill context, this omission is more dangerous because agents may automatically submit entire folders or encoded content, causing unintentional bulk exfiltration of sensitive documents.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README shows local-file, URL, and Base64 submission flows to a hosted ADP service but does not clearly warn that content is transmitted to a public cloud for processing. This is dangerous because users may submit sensitive corporate documents under the assumption of local-only processing, resulting in unintended disclosure to a third party.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill instructs users to upload business-license images and extract sensitive fields through a remote third-party ADP service, but it does not clearly warn users that documents and extracted PII will leave the local environment. Because business licenses can contain high-sensitivity identifiers, names, and addresses, insufficient disclosure can lead to unintended privacy, compliance, or data-handling violations.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.
