Back to skill

Security audit

中国居民身份证识别与抽取(ADP)

Security checks across malware telemetry and agentic risk

Overview

This looks like a real ADP ID-card extraction integration, but it needs Review because it handles sensitive identity documents and ships broader CLI/admin instructions than the narrow skill purpose implies.

Install only if you are authorized to process the ID-card data and are comfortable sending those images and extracted fields to Laiye ADP cloud services under your API key. Prefer npm or verified release artifacts over pipe-to-shell installs, confirm privacy and retention terms, and restrict agent use to the built-in ID-card extraction app rather than the broader general document or custom-app management commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (11)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The README describes a broad general-purpose ADP CLI with parsing, extraction, batch processing, and app management features, while the skill metadata claims a narrowly scoped ID-card recognition skill. This scope mismatch is dangerous because users or agents may invoke capabilities far beyond the declared purpose, increasing the risk of unintended data processing, privilege expansion, or misuse of a more powerful tool than expected.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
Documenting custom app creation, update, and deletion exposes management operations that exceed an extraction-only skill's stated purpose. In an agent setting, this can enable unexpected state-changing actions against a remote service, including modifying configurations or deleting resources, which materially increases the blast radius beyond simple document recognition.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The README materially misrepresents the skill's scope: the manifest claims a narrowly scoped Chinese ID-card recognition skill, but the documentation describes a broad general-purpose ADP document-processing CLI with parsing, extraction, async tasking, and app management. This scope mismatch is dangerous because agents or users may grant broader trust, permissions, or data access than intended, enabling unintended processing of arbitrary documents and expanding the attack surface.

Context-Inappropriate Capability

High
Confidence
95% confidence
Finding
Including custom application creation, editing, versioning, and deletion capabilities is inconsistent with a fixed-purpose ID-card extraction skill and gives the skill effective reprogramming or expansion capability. In an agent context, that can let the skill be repurposed to process other document classes or change extraction behavior beyond the reviewed and expected scope.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The skill documentation exposes parsing and extraction for invoices, orders, certificates, bills, and general documents, which exceeds the declared身份证 use case. This overbreadth increases data-exposure risk because a caller may use the skill to upload and process unrelated sensitive documents under the guise of a narrowly scoped identity-verification tool.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README instructs users to configure a cloud API endpoint and process local files or remote URLs, but it does not clearly warn that document contents may be transmitted to an external service. This is especially sensitive in an ID-card processing context because identity documents contain high-value personal data, and users may reasonably assume local-only handling if data flows are not explicitly disclosed.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The README recommends installation via remotely fetched shell and PowerShell scripts executed immediately, without integrity verification, pinning, or a clear security warning. If the upstream repo, network path, or referenced script is compromised, users or agents could execute arbitrary code on the host during installation.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs users to upload Chinese ID card images and extract highly sensitive personal data through a remote third-party ADP service, but it does not provide a clear privacy, consent, data residency, retention, or compliance warning. Because the content involves government ID data and full identity attributes, omission of explicit handling safeguards materially increases the risk of privacy violations, regulatory noncompliance, and inappropriate data disclosure.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The installation section recommends piping remotely fetched shell and PowerShell scripts directly into an interpreter without any safety warning or integrity verification. This is dangerous because a compromised upstream repository, MITM, or malicious script update would result in immediate arbitrary code execution on the user's machine.

External Script Fetching

Low
Category
Supply Chain
Content
```bash
# 方法 2: Shell 脚本(Linux / macOS,无 npm 环境时使用)
curl -fsSL https://raw.githubusercontent.com/laiye-ai/adp-cli/main/scripts/adp-init.sh | bash
```

```bash
Confidence
99% confidence
Finding
curl -fsSL https://raw.githubusercontent.com/laiye-ai/adp-cli/main/scripts/adp-init.sh | bash

Chaining Abuse

High
Category
Tool Misuse
Content
```bash
# 方法 2: Shell 脚本(Linux / macOS,无 npm 环境时使用)
curl -fsSL https://raw.githubusercontent.com/laiye-ai/adp-cli/main/scripts/adp-init.sh | bash
```

```bash
Confidence
99% confidence
Finding
| bash

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.