Back to skill

Security audit

中国机动车行驶证识别与抽取(ADP)

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Laiye ADP vehicle-license extraction skill, but it asks users to trust a broader cloud document-processing CLI than the narrow skill purpose requires.

Install only if you are comfortable sending vehicle-license images and extracted fields to Laiye ADP cloud services. Prefer npm or verified release binaries over curl|bash or irm|iex, restrict the API key, keep agent use limited to the OOTB vehicle-license extraction commands, avoid custom-app admin commands unless intentionally managing ADP, and treat exported JSON results as sensitive personal data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (11)

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The README describes a broad, general-purpose ADP CLI with document parsing, extraction, app management, and workflow automation features that materially exceed the declared skill purpose of vehicle license recognition. This scope mismatch is dangerous because consumers may grant broader trust and permissions than intended, enabling use of a much more capable tool than the skill metadata suggests.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
Advertising custom application creation, update, and deletion exposes administrative capabilities far beyond a simple extraction skill. In an agent ecosystem, this increases risk of unauthorized configuration changes, destructive actions, or privilege misuse if the agent or user assumes the skill is limited to document extraction.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The README describes a broad, general-purpose ADP document-processing CLI rather than a narrowly scoped vehicle-license recognition skill. This capability mismatch is dangerous because an agent or user may invoke far broader parsing, extraction, and app-management features than the advertised skill scope, expanding data access and operational reach beyond least privilege.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
Documenting custom application lifecycle management inside a skill advertised for vehicle license extraction exposes functionality unrelated to the declared purpose, including creating, updating, and deleting extraction apps. In an agent setting, this can enable unauthorized reconfiguration or abuse of broader platform capabilities, increasing the blast radius beyond simple OCR/extraction.

Context-Inappropriate Capability

Low
Confidence
88% confidence
Finding
The README explicitly supports processing arbitrary remote URLs, which exceeds the stated vehicle-license extraction use case and can cause the system to fetch and process attacker-controlled content. In agent workflows this broadens input trust boundaries and may facilitate data exfiltration, SSRF-like misuse via backend fetchers, or unreviewed handling of non-vehicle documents.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README recommends executing remote shell and PowerShell installer scripts directly from the network without integrity verification or any warning. This is dangerous because compromise of the source, transit, or referenced repository could lead to arbitrary code execution on the user's system during installation.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
The installation instructions include piping remotely fetched shell and PowerShell scripts directly into interpreters. This is dangerous because any compromise of the hosting location, repository, network path, or referenced script content can lead to immediate arbitrary code execution on the user's machine with the user's privileges.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README instructs users to parse and extract local documents and remote URLs using a public cloud ADP service without clearly warning that document contents are transmitted off-host for processing. For sensitive identity documents like vehicle licenses, this creates material privacy, compliance, and inadvertent data-disclosure risk if users assume processing is local.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill instructs users to submit vehicle license images and extract highly sensitive personal and vehicle data through a remote third-party ADP service, but it does not clearly warn that documents will be transmitted off-host for cloud processing. Because the data includes PII and document identifiers such as owner name, address, VIN, engine number, and license plate, omission of an explicit transmission/privacy notice can lead to unintended data disclosure and compliance risk.

External Script Fetching

Low
Category
Supply Chain
Content
```bash
# 方法 2: Shell 脚本(Linux / macOS,无 npm 环境时使用)
curl -fsSL https://raw.githubusercontent.com/laiye-ai/adp-cli/main/scripts/adp-init.sh | bash
```

```bash
Confidence
97% confidence
Finding
curl -fsSL https://raw.githubusercontent.com/laiye-ai/adp-cli/main/scripts/adp-init.sh | bash

Chaining Abuse

High
Category
Tool Misuse
Content
```bash
# 方法 2: Shell 脚本(Linux / macOS,无 npm 环境时使用)
curl -fsSL https://raw.githubusercontent.com/laiye-ai/adp-cli/main/scripts/adp-init.sh | bash
```

```bash
Confidence
99% confidence
Finding
| bash

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.