Security audit
Fxiaoke Sales Record Publish
Security checks across malware telemetry and agentic risk
Overview
The packaged files are a harmless space-login demo, but the listing advertises cookie-based CRM publishing, so the skill needs review before users rely on it.
Review this package carefully before installing for any real CRM workflow. Do not provide CRM cookies, sessions, or account access unless the publisher supplies matching CRM-specific code and documentation that explains exactly what data is read, what records can be posted, what approval is required, and how access can be revoked.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.
