Security audit

Q Erp

Security checks across malware telemetry and agentic risk

Overview

This is a read-only ERP query skill that routes business questions to the q-claw backend, with some broad follow-up behavior users should understand.

Install this only where q-claw access to ERP business data is intended. After an ERP query, short replies such as “ok,” “continue,” or numbered choices may continue the previous ERP query context, so users should be deliberate when responding in sensitive business conversations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 94%
Finding
The routing table includes very broad natural-language examples such as generic business-status questions that can match loosely phrased user input and trigger this ERP skill unexpectedly. In an agent environment, unintended invocation can expose enterprise metrics or route unrelated conversations into a sensitive business-data tool path, especially because all matched ERP queries are sent to q-claw as the sole fact source.

Vague Triggers

Medium
Confidence: 97%
Finding
The multi-turn fallback treats extremely weak replies like “继续”, “看看”, “ok”, “0”, “9”, or “erp” as sufficient to continue a previously confirmed ERP scene. This creates a confused-deputy risk where incidental, accidental, or maliciously induced short replies can silently re-trigger sensitive data queries, potentially after authorization state changes, without clear user confirmation of scope or intent.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.