Back to skill

Security audit

chip-trade-skills

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate IC quote connector, but its privacy promises understate some customer and inventory data it can send or expose.

Review before installing on sensitive ERP data. Use a dedicated API key, verify the quote API URL, avoid passing real customer identifiers unless you intend them to reach the quote service, and use a reduced inventory export containing only fields you are comfortable exposing to the local agent workflow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The module documentation states that only part_number, qty, and lang are sent to the remote service, but the implementation also transmits customer_id when provided. This mismatch can cause operators or integrators to disclose customer-linked data under a false privacy assumption, which is a genuine information-sharing risk even though the code behavior is explicit in implementation.

Intent-Code Divergence

Medium
Confidence
91% confidence
Finding
The file-level safety and privacy claims are inaccurate: it states only part number, quantity, and status are extracted, but the implementation also reads and returns package and date_code. In an agent skill context, misleading minimization claims can cause operators to authorize broader local-file access than intended, creating a data exposure and trust-boundary problem even if the extra fields are not monetary data.

Intent-Code Divergence

Low
Confidence
87% confidence
Finding
The broader module narrative presents this reader as a minimal single-record lookup tool, but read_all enables wholesale extraction of an entire inventory file. In a skill environment, that materially changes the data-access scope from targeted retrieval to bulk local data collection, which increases privacy and exfiltration risk if the surrounding agent or downstream systems transmit or store the results.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.