Back to skill

Security audit

Biaoshu Writer Tech

Security checks across malware telemetry and agentic risk

Overview

This bid-writing skill is coherent but needs review because it uploads procurement documents and can collect, transmit, and store account and device identifiers.

Install only if you are comfortable sending tender and bid documents to the 招采猫/Biaoshu service. Prefer using an App Key you obtained manually if you do not want device fingerprint trial signup, keep the saved config file private, and avoid using the broad auto-activation path for confidential procurement material unless you have authorization.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill advertises operational capabilities that include shell, network, environment access, and local file read/write, yet it declares no permissions. This creates a transparency and consent gap: a caller or host may not realize the skill can download remote files, persist credentials, or manipulate local artifacts, increasing the chance of unintended data exposure or unsafe execution in a more privileged runtime.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The described purpose is bid-writing assistance, but the documented behavior extends into account registration, SMS-based login, device fingerprint collection, credential persistence/deletion, account balance queries, remote file download, task management, and report rendering. This mismatch is dangerous because users may invoke the skill for document drafting while unintentionally authorizing identity-linked account actions, local credential handling, and broader file/network operations than reasonably expected.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The trial flow collects a multi-attribute device fingerprint including hostname, platform, architecture, username, home path, and a hashed MAC address, then transmits it to the remote service. That data collection goes beyond what is necessary for bid-document processing and creates privacy and tracking risk, especially because several fields can reveal personal or enterprise environment details.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The manifest says the skill must be used for essentially any bidding-related request, even when the user did not explicitly choose it. Overly broad activation increases the chance that sensitive procurement documents, credentials, or business data are routed to this skill unnecessarily, expanding exposure and reducing meaningful user choice.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The API documentation instructs collection of device fingerprint fields including hostname, platform, username, home_path, and MAC-derived data to provision trial accounts, but provides no privacy notice, data minimization guidance, retention limits, or user-consent requirements. This creates a real privacy and compliance risk because implementers may collect persistent device identifiers and local-system metadata from end users without transparency or lawful basis.

Missing User Warnings

High
Confidence
91% confidence
Finding
The user guidance advertises a zero-input trial flow, but does not clearly warn at the point of action that device characteristics will be collected and sent for account creation. This undermines informed consent and increases privacy risk because users may trigger tracking-like collection without understanding what is transmitted.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.