Back to skill

Security audit

cn-global-compliance

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate compliance helper, but its legal/compliance capability claims are broader than the bundled implementation supports and one helper script contacts an external API.

Install only if you want a high-level checklist for China-outbound product compliance. Do not treat it as current legal advice or a complete market audit, verify jurisdictions independently, and avoid sending sensitive product details to the linked web/API service unless you trust that endpoint.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
81% confidence
Finding
The skill advertises an executable shell script and API-backed workflow while declaring no permissions, creating a capability/permission mismatch. In an agent environment, undeclared shell access can lead to unexpected command execution paths, external network interaction, and a larger attack surface than users or orchestrators expect.

Tp4

High
Category
MCP Tool Poisoning
Confidence
90% confidence
Finding
The skill claims materially stronger compliance-analysis capabilities than are substantiated, including API-backed coverage, real gap analysis, remediation planning, and checklist functionality. This can mislead users into relying on incomplete or inaccurate assessments for legal/compliance decisions, producing unsafe business actions and false assurance.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill metadata promises an API-backed regulations database and real backend, but this script relies entirely on a static hardcoded ruleset. In a compliance tool, this mismatch is dangerous because users may make legal or launch decisions assuming the results are current and authoritative when they are not, creating a material integrity and trust risk.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The manifest advertises broader geographic coverage than the code actually supports, while the script only handles a limited set of hardcoded market codes. In a compliance context, omitted jurisdictions can lead to false reassurance that a product is covered for markets such as the UK or Australia when no checks are actually performed.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The script presents a list of regulations and rough estimates but does not actually assess existing controls, identify gaps, or generate a remediation roadmap as claimed. This can mislead operators into treating a superficial checklist as a substantive compliance assessment, increasing the chance of legal, privacy, and operational failures.

Vague Triggers

Medium
Confidence
84% confidence
Finding
Overly broad trigger phrases can cause the skill to be invoked for generic privacy, compliance, or international-launch queries beyond its validated scope. That raises the risk of unintended routing, user confusion, and inappropriate reliance on specialized guidance in contexts the skill does not actually handle well.

Natural-Language Policy Violations

Medium
Confidence
78% confidence
Finding
The skill hard-codes a Chinese-company specialization without user choice or clear limits, which can bias outputs and misapply region-specific assumptions to other users. In compliance contexts, such scoping errors may lead to omitted obligations or irrelevant recommendations, reducing reliability of the advice.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script makes outbound requests to a third-party API endpoint automatically based on user input, but gives no notice that data will be transmitted off-host. In a compliance-focused skill, users may reasonably assume a local audit helper; undisclosed network access can leak query contents, metadata, and usage patterns, and is especially sensitive given the subject matter of regulatory and cross-border data compliance.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.