Back to skill

Security audit

Ora海关数据分析专家

Security checks across malware telemetry and agentic risk

Overview

This looks like a normal authenticated customs-query integration, but users should understand that it stores and reuses an API key locally.

Install only if you trust the customs service and are comfortable storing its API key locally. Prefer a dedicated, low-privilege key, rotate it if exposed, and avoid using this in shared workspaces unless the config file permissions are controlled.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The client automatically searches for an API key in environment variables and in local files outside the immediate script, then uses whatever it finds for outbound requests. This creates an unnecessary secret-discovery capability relative to a customs query client and can cause unintended credential harvesting or cross-skill secret reuse, especially in shared workspaces.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script silently reads an API key from the environment or local files and sends it as an HTTP header to a remote host without any disclosure or confirmation to the user. Even though the destination uses HTTPS, the undisclosed collection and transmission of credentials increases the risk of secret leakage, misuse of shared credentials, and unexpected authentication against a third-party service.

Ssd 3

High
Confidence
97% confidence
Finding
The skill explicitly instructs the agent to read API credentials from a local file or environment and transmit them to an external domain during normal operation. This creates a clear secret-handling risk: local credentials may be exfiltrated to a third-party service without strong user consent, boundary controls, or least-privilege protections.

Ssd 3

High
Confidence
99% confidence
Finding
The workflow directs the agent to inspect a local key file and persist user-provided keys into disk storage before making requests. This increases the blast radius of credential compromise by normalizing local secret discovery and persistent storage, which can expose keys to other tools, sessions, or unauthorized reads and enables silent reuse in future requests.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.