Back to skill

Security audit

Fxiaoke Sales Record Publish

Security checks across malware telemetry and agentic risk

Overview

The packaged files are a harmless space-login demo, but the listing advertises cookie-based CRM publishing, so the skill needs review before users rely on it.

Review this package carefully before installing for any real CRM workflow. Do not provide CRM cookies, sessions, or account access unless the publisher supplies matching CRM-specific code and documentation that explains exactly what data is read, what records can be posted, what approval is required, and how access can be revoked.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.