Back to skill

Security audit

contract-review-cn

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Chinese contract-review skill, but it handles confidential contract text in ways that need careful review before installation.

Install only if you are comfortable with contract contents being processed by the configured AI provider. Redact confidential terms, personal data, pricing, and trade secrets first; avoid broad auto-trigger use for sensitive files; protect config.json; and verify dependencies separately because the referenced requirements.txt is not included in the reviewed artifact set.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The summary explicitly instructs users to configure an API key and use the tool to review contracts, but it does not warn that contract contents may be sent to an external AI provider. Because contracts commonly contain confidential business, personal, and legal data, omission of this disclosure can lead to unintended data exfiltration, privacy violations, or regulatory noncompliance.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The quickstart instructs users to configure an API key and submit contract files for review, but it does not warn that sensitive contract contents may be sent to an external model/API provider. Because contracts commonly contain confidential business, personal, or regulated data, this omission can cause users to disclose sensitive information without informed consent.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The documented invocation phrases are very broad natural-language requests such as '让我审合同' and '让我出修订对照表', which can easily overlap with ordinary user intent rather than an explicit, unambiguous skill invocation. In an agent platform, this increases the chance of accidental triggering, unintended document processing, or routing sensitive contract content into this skill when the user did not clearly mean to invoke it.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The skill declares an auto-trigger on any uploaded contract file and broad natural-language phrases without clear scoping, confirmation, or file-type enforcement. In a document-processing skill that may transmit sensitive contract contents to an external model API, overbroad triggering can cause unintended processing and data disclosure when users upload files for other purposes.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The code sends full contract contents to an external LLM service without explicit consent, warning, redaction, or confidentiality controls. Because contracts commonly contain sensitive commercial, personal, and legally privileged information, this can cause unauthorized data disclosure and compliance violations even if the transport is otherwise legitimate.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The function prints the full extracted PDF text directly to stdout, which can expose sensitive contract contents such as names, payment terms, obligations, and dispute clauses in logs, terminals, or calling environments. In an agent skill context, stdout is often captured centrally, making accidental disclosure more likely than in a standalone local script.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The code prints full extracted Word document contents directly to stdout, which can expose sensitive contract data, personal information, or confidential business terms into logs, terminals, or upstream agent traces. In an agent or automation environment, stdout is often captured centrally, making unintended disclosure significantly more likely.

Ssd 1

Medium
Confidence
96% confidence
Finding
Untrusted contract text is interpolated directly into the prompt with no delimiting, instruction hierarchy, or prompt-injection defenses. A crafted contract can embed adversarial text such as instructions to ignore the review task, exfiltrate template content, or produce misleading risk assessments, reducing the integrity of the analysis.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.