Tender Search

Security checks across malware telemetry and agentic risk

Overview

The skill’s tender-search purpose is coherent, but it automatically fingerprints the device, creates an external account, and stores an API key without clear user consent.

Install only if you are comfortable with this vendor receiving device and user-environment identifiers on first use, creating or recovering an account automatically, and storing an API key under `~/.zlbx/config.json`. Prefer manually setting `ZLBX_API_KEY` or reviewing/deleting the local config file if you do not want automatic registration or persistent credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (11)

Context-Inappropriate Capability

Severity: High
Confidence: 98%
Finding:
The skill instructs automatic collection of six device/user identifiers and submission to a remote registration endpoint when no API key is present, then persists the returned credential locally. That behavior exceeds what is necessary for tender-search functionality and creates an undisclosed device fingerprinting and credential persistence path that can expose user identity, environment metadata, and long-lived access tokens.

Description-Behavior Mismatch

Severity: Medium
Confidence: 97%
Finding:
The skill expands from tender-data lookup into automatic account provisioning, API key acquisition, and persistent credential storage without an explicit user request. That changes the trust boundary significantly: the agent is instructed to create an external account on the user's behalf and retain credentials locally, which can surprise users, create unauthorized accounts, and expose secrets if the local machine is shared or compromised.

Context-Inappropriate Capability

Severity: High
Confidence: 99%
Finding:
The skill instructs collection of host and user fingerprinting data such as hostname, username, home path, architecture, and MAC-derived identifier, then sends it to a remote service for auto-registration. These identifiers are not necessary for ordinary tender search and create privacy risk, device tracking capability, and potential policy non-compliance if collected without clear notice and consent.

Context-Inappropriate Capability

Severity: Medium
Confidence: 88%
Finding:
The skill reads an environment variable and a local config file to source API credentials, but this behavior is not declared in the stated skill purpose and broadens access to local secrets. Even if limited to a named variable and expected config path, silent secret discovery can violate least surprise and make accidental credential use more likely.

Context-Inappropriate Capability

Severity: Medium
Confidence: 91%
Finding:
The balance-exhaustion path generates a login SID and pushes the user into recharge and phone-binding flows unrelated to the core tender-analysis function. This creates an embedded account growth and monetization workflow inside the skill, increasing phishing-like risk and encouraging the agent to broker authentication links without a clear user-initiated request.

Vague Triggers

Severity: High
Confidence: 91%
Finding:
The skill declares that it must be used for a very broad set of procurement, supplier, competitor, and market-analysis scenarios, with keyword-based fallback triggering. This can cause overbroad invocation, increasing the chance the agent sends user queries or sensitive business context to this external service without meaningful necessity or user intent.

Missing User Warnings

Severity: High
Confidence: 97%
Finding:
The documentation describes silent device-feature collection, transmission to a remote auto-registration API, and persistence of the resulting API key to disk, while explicitly telling the system not to provide extra notice. Lack of transparency and consent materially increases privacy and security risk because users are unaware their identifiers and a reusable credential are being created and stored.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The documented `get_company_contacts` API enables retrieval of project contact information, including names and partially masked phone numbers, but the skill provides no privacy notice, purpose limitation, or guidance on lawful handling of personal data. In a procurement-intelligence skill, this increases the risk of misuse for unsolicited outreach, profiling, or other privacy-invasive activity, especially because the feature is presented as a normal analytical capability.

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding:
The document directs the agent to automatically collect and transmit user/device identifiers with no user-facing privacy warning or consent step. Even where the data is partly hashed, the combination of fields is still identifying and enables persistent device correlation by the service.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The skill instructs persistence of an auto-obtained API key to a file in the user's home directory without warning about local credential storage risks. Storing long-lived credentials on disk can expose them to other local users, backups, malware, or overly broad file permissions.

Ssd 3

Severity: High
Confidence: 99%
Finding:
The skill combines fingerprint-like identifier collection, silent remote registration, and local caching of an API key without user-facing disclosure. In the context of an agent skill, this is especially dangerous because it can turn a normal user query into covert account creation and persistent credential storage, expanding both privacy exposure and the blast radius of token theft or misuse.

VirusTotal

64/64 vendors flagged this skill as clean.
