通达信UA修改，TcefWnd.dll修改

Security checks across malware telemetry and agentic risk

Overview

This skill openly patches a trading application's browser DLL to impersonate a mobile browser and bypass website restrictions, so users should review it carefully before installing.

Install only if you intentionally want to modify your own TongDaXin installation and understand the risks. Use dry-run first, verify the exact DLL path, close TongDaXin before patching, keep an independent backup, and do not use it to bypass website restrictions or access controls without authorization.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 92% confidence
Finding: The skill explicitly instructs users to run a script that modifies a DLL in place and creates backups, which is a file-write capability with persistent system impact. Because no permissions are declared, users and enforcement layers are not given an accurate signal that the skill can alter installed software, increasing the risk of unsafe or unexpected binary tampering.

Natural-Language Policy Violations

Medium

Confidence: 95% confidence
Finding: The skill’s stated purpose includes disguising the embedded browser as a mobile browser and bypassing website restrictions, which is an evasion use case. Even though the mechanism is 'just' a User-Agent change, the context makes it a tool for defeating access controls or policy checks imposed by websites, which can facilitate abuse and terms-of-service violations.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal