Back to skill

Security audit

天津安信华瑞

Security checks across malware telemetry and agentic risk

Overview

This is a coherent IoT template, but it gives deployed devices automatic remote update/reboot behavior and transmits sensitive device identifiers without enough safeguards or disclosure.

Install only if you are intentionally building a QuecPython cellular Modbus device and can review the generated code before deployment. Replace all default reporting and OTA URLs, disable or tightly control OTA unless you have signed firmware and rollback procedures, avoid sending IMSI/ICCID unless strictly required, redact identifiers from logs, and test on non-production hardware before enabling autostart.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (17)

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The guide shows device behavior being controlled directly by a server response field (`debug == 'restart'`) without any authentication, authorization, integrity validation, or operator-confirmation safeguards. In an IoT context, this creates a dangerous command-and-control pattern: a compromised server, spoofed response, or man-in-the-middle condition could remotely force device restarts or extend to additional privileged actions.

Intent-Code Divergence

High
Confidence
97% confidence
Finding
The module is presented as a data-reporting component, but its HTTP response handling can silently trigger OTA download, set an update flag, and immediately reboot the device. This creates a dangerous hidden control path: any trusted or compromised server response can remotely change device software, and there is no visible authentication, integrity verification, or operator approval in this code path.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The module collects persistent device and subscriber identifiers (IMEI, IMSI, ICCID) as part of a generic network information routine, even though the rest of the function is focused on connectivity and radio metrics. These identifiers materially increase privacy and tracking risk because they uniquely identify the device and subscriber and could be exposed through logs, telemetry, or downstream consumers without a clear operational need shown in this code.

Missing User Warnings

Medium
Confidence
78% confidence
Finding
The examples explicitly show collecting and transmitting the device IMEI and related telemetry without any privacy, consent, retention, or minimization warning. IMEI is a persistent device identifier, so normalizing its collection in sample payloads can lead downstream users to deploy device tracking or inventory correlation without considering privacy and regulatory obligations.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The document instructs users to upload multiple files directly into the device's /usr directory, which can overwrite existing code or configuration without warning. In an embedded/IoT deployment context, this can break device behavior, remove prior safeguards, or cause accidental rollback/loss of working configurations, especially because the batch script writes files non-interactively.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The HTTP debug example includes transmission of device-identifying data (`imei`) and demonstrates posting to external endpoints without any warning about privacy, data minimization, or safe handling of test data. Even though this is documentation, it normalizes sending identifying information during debugging and may lead users to leak production identifiers into logs, third-party systems, or insecure environments.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The network debugging example prints IMEI, ICCID, signal, and cell information directly to console without any caution about sensitivity or log exposure. On shared workstations, support screenshots, ticketing systems, or collected debug logs, these identifiers can be harvested for device tracking, inventory mapping, SIM correlation, or social-engineering abuse.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The sample startup log includes realistic-looking IMEI and a direct phone number, but provides no instruction to anonymize or scrub such data before sharing. Documentation often gets copied verbatim into tickets, wikis, and chat channels, so including live-style identifiers materially increases the chance of unintended disclosure of sensitive operational and contact information.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
文档提供了直接删除 `/usr/old_file.py` 的示例,但没有任何备份、路径核对、不可恢复性或误删关键文件的提示。在嵌入式设备部署场景中,用户可能机械照做并删除错误文件,导致功能异常、启动失败或排障困难。

Missing User Warnings

Medium
Confidence
88% confidence
Finding
文档说明设备会自动下载 OTA、自动升级并自动重启,但未提示升级期间可能造成业务中断、数据丢失、配置变更或现场设备不可用。对于物联网设备,这类行为直接影响可用性,尤其在无人值守或生产环境中风险更高。

Missing User Warnings

Medium
Confidence
93% confidence
Finding
文档指导打印和备份 IMEI、ICCID 等设备唯一标识,但没有说明这些信息属于敏感资产,也未要求脱敏、最小化存储或访问控制。若这些标识被日志、截图、工单或共享文档泄露,可能被用于设备枚举、资产追踪、社工或供应链侧滥用。

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The code packages and transmits device identifiers and telemetry such as IMEI, IMSI, cell information, and sensor data to a remote endpoint, but there is no evidence here of transport security, minimization, consent, or disclosure controls. If the endpoint uses plain HTTP or an untrusted network, these values can be exposed in transit or collected beyond operational necessity.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The code gathers sensitive identifiers without any visible notice, consent flow, or even an API boundary indicating that privileged data is being accessed. In a network-management context, silent collection of IMSI/ICCID/IMEI makes privacy misuse easier and increases the chance that integrators will expose or transmit subscriber data unintentionally.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The guide instructs users to upload files to the device and run the main program, while earlier sections require configuring data reporting and OTA endpoints. This can cause immediate outbound network communication, device enrollment, data transmission, or OTA behavior without clearly warning the operator about those effects, increasing the risk of unintended data disclosure or device-side changes during testing.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill advertises activation on very broad keywords and generic IoT/embedded requests, which can cause unintended invocation outside the narrow QuecPython/Modbus use case. This increases the chance the agent applies this skill in the wrong context, leading to inappropriate file generation, misleading guidance, or collection of configuration details when a more suitable skill should have handled the request.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The trigger description is broad enough that ordinary user requests about QuecPython, Modbus, IoT, or reporting could activate the skill unintentionally. In this skill’s context, accidental activation is more concerning because the documented workflow includes creating projects, copying templates, guiding configuration, and ultimately deploying code to network-connected devices that report to external platforms.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The document describes actions that can affect real systems—copying a template, modifying configuration, deploying to devices, and sending data to customer-specified platform endpoints—without explicit warnings about operational impact, network transmission, or destination verification. In an IoT/industrial context, this omission increases the risk of users pushing code to production-like devices or transmitting sensitive or incorrect telemetry to unintended external services.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.