Back to skill

Security audit

Billing System

Security checks across malware telemetry and agentic risk

Overview

This billing skill is not clearly malicious, but it can automatically send customer loan and repayment spreadsheets to an external cloud service without a clear consent step.

Install only if you are comfortable with customer billing, loan, repayment, and balance data being uploaded to the listed Tencent SCF service. Before using it, confirm the destination URL, ask the agent to get explicit approval before any upload, and prefer the local/offline workflow for sensitive records unless you trust the service operator and its data handling practices.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The skill activates on very broad phrases like '生成对账单' or '制作账单' and then instructs the agent to autonomously register an external account, download files, upload local spreadsheet contents, and unzip results. This creates a real risk of unintended execution on sensitive financial data without adequate scope checks, confirmation, or trust validation of the remote service.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill explicitly tells the agent to auto-register an account, download a template, populate it with customer borrowing and repayment data, and POST the file to a third-party cloud endpoint, but it does not require an explicit disclosure or consent flow for data transmission. In a billing context, the uploaded workbook likely contains sensitive financial and customer information, making silent remote transfer particularly dangerous.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.