Back to skill

Security audit

chinese-compliance-checker

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed compliance-checking skill with a small local checker and an optional external API script, but it is not authoritative legal advice and the external service has limited data-handling disclosure.

Install only if you want an informational compliance helper and optional Tencent-hosted lookup/web services. Do not submit confidential product plans, customer data, legal drafts, unpublished marketing copy, or sensitive data-flow details to the external API or web app unless you have reviewed the service operator, privacy terms, retention, and jurisdictional handling. Treat its results as a starting checklist and verify current requirements with qualified counsel.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill advertises an executable shell script but does not declare permissions or provide clear execution constraints. In an agent environment, undeclared shell capability expands the attack surface because the agent may invoke local tooling or scripts without explicit user awareness, enabling unintended command execution paths or data handling outside the expected trust boundary.

Tp4

High
Category
MCP Tool Poisoning
Confidence
83% confidence
Finding
The skill materially overclaims API-backed coverage, market support, and analysis depth relative to its documented behavior. For a compliance skill, this is security-relevant because users may make launch, privacy, or data-transfer decisions based on incomplete or inaccurate checks, creating a false sense of regulatory safety and potentially causing downstream legal and operational harm.

Description-Behavior Mismatch

Medium
Confidence
80% confidence
Finding
The documented backend includes banned-word and marketing-content review features outside the stated compliance-audit scope, indicating scope drift and hidden functionality. This is dangerous because users may unknowingly send marketing or product content to an external backend for processing that they did not intend to involve in a compliance-only workflow, increasing privacy and trust risk.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The skill metadata promises an API-powered regulations database and real backend, but this file uses only hardcoded local rules. In a compliance-focused skill, that mismatch is security-relevant because users may rely on stale or incomplete regulatory output as if it were current authoritative guidance, leading to unsafe business or legal decisions.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The manifest advertises compliance gap analysis and a remediation roadmap, but the script only lists applicable regulations and generic requirements with rough estimates. In this context, overstating capability can mislead operators into believing concrete gaps were assessed, causing missed controls or false assurance before launch into regulated markets.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The trigger list is broad enough to match routine privacy or compliance discussions, which can cause the skill to activate in contexts where the user did not request external checking or shell-backed behavior. Unintended invocation is especially risky here because the skill advertises external API usage and scripts, increasing the chance of unnecessary data exposure or confusing authoritative-sounding compliance guidance.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill promotes a real external API backend and executable shell script but does not warn that user or product data may be transmitted to third-party services or processed via local shell tooling. In a compliance context, users may provide highly sensitive business, regulatory, and data-transfer details, so undisclosed outbound transmission directly undermines confidentiality expectations and may itself create compliance issues.

Missing User Warnings

Low
Confidence
93% confidence
Finding
The script makes outbound requests to a third-party API endpoint without notifying the user, documenting what data is sent, or obtaining consent. Even though the current parameter is only a market string, hidden network access in a local CLI tool creates privacy, transparency, and supply-chain risk because user input and execution metadata are transmitted to an external service the user may not expect to contact.

VirusTotal

2/66 vendors flagged this skill as malicious, and 64/66 flagged it as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.