Back to skill

Security audit

cn-ad-copywriter

Security checks across malware telemetry and agentic risk

Overview

This skill does what it advertises, but it can automatically send ad copy and campaign metadata to an external Tencent-hosted API without a clear consent or privacy notice.

Install only if you are comfortable sending Chinese ad copy drafts, titles, keywords, and platform details to the listed external service. Avoid using it for confidential client campaigns, unreleased product launches, personal data, or regulated business claims unless the publisher adds clear consent, privacy, and retention controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill advertises executable shell scripts (`check.sh` and `generate.sh`) and network-backed behavior, but no explicit permissions or safety boundaries are declared. This can cause the host agent or user to invoke shell capabilities unexpectedly, increasing the risk of command execution and unintended external calls in environments that rely on declared permissions for trust decisions.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The trigger list includes broad phrases like marketing copy, compliance API, and ad copywriter, which may cause the skill to activate for generic requests outside its narrow intended scope. Over-broad routing can expose user content to unnecessary specialized workflows, including external API usage or shell-backed paths, without the user explicitly asking for them.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill describes a real external API endpoint and executable scripts for checking user-provided copy, but does not clearly warn that submitted content may be transmitted to a third-party service. Users may provide unpublished campaigns, regulated product claims, or sensitive business material, creating confidentiality and data-handling risks if sent off-platform without informed consent.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script transmits user-supplied ad copy, titles, keywords, and platform metadata to a third-party remote endpoint, but the workflow provides no explicit warning, consent prompt, or privacy notice at the point of transmission. This is dangerous because users may assume a local compliance check while actually disclosing potentially sensitive marketing drafts or client data to an external service.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.