Contract Renewal

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed contract-renewal automation that reads a specific business Excel workbook and sends expected renewal alerts to a configured WeCom webhook.

Install only in an environment authorized to process the named tenant workbook. Configure the WeCom webhook carefully, limit it to the intended internal group, and verify that automatic scheduled checks and workbook writes match your approval process before enabling daily use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill clearly uses sensitive capabilities—local file access to a real Excel workbook and outbound network delivery via a WeCom webhook—yet no permissions are declared. This creates a dangerous transparency and consent gap: operators may authorize or deploy the skill without understanding that it reads real tenant data and can transmit it externally.

Tp4

High
Category
MCP Tool Poisoning
Confidence
90% confidence
Finding
The documented purpose understates the effective behavior surface: the skill not only analyzes renewals but also includes autonomous scheduled processing, external alert delivery, and references to broader workflow side effects. When behavior exceeds the declared scope, users and administrators cannot accurately assess privacy, operational, or exfiltration risk, which is especially serious because the data source is a real business ledger.

Description-Behavior Mismatch

Medium
Confidence
86% confidence
Finding
The documentation presents a narrower data scope than the code actually uses; the code reads additional energy and repair worksheets to enrich tenant profiles. This is a data minimization and transparency issue because extra operational and potentially sensitive tenant information is processed without being clearly declared to users or reviewers.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill is designed to automatically read real customer contract and profile data, then push renewal alerts through WeCom, but it does not provide a clear user-facing warning about data processing or external disclosure. That omission increases the chance of unintentional privacy breaches, especially since tenant financial, service, repair, and contract information are aggregated into alerts.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The documented cron job causes proactive daily processing of contract data and plan generation, yet the skill does not warn operators that it will run automatically on real business records. Silent autonomous processing increases operational and privacy risk because actions may occur without contemporaneous user awareness or review.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The code automatically sends renewal warning notifications via the sender component for all matched customers, with no visible consent, approval step, audience restriction, or privacy notice in this file. Because the payload includes customer identifiers, room numbers, contract expiry timing, and business-status-related fields, accidental or unauthorized outbound disclosure of sensitive business information is possible.

Missing User Warnings

Medium
Confidence
80% confidence
Finding
Progress updates are sent externally through the sender component immediately after updating plan state, but the code shows no confirmation, disclosure, or validation of what data is being transmitted and to whom. In a contract-management context, renewal progress can contain commercially sensitive negotiation status, making unintended disclosure more dangerous than in a low-sensitivity workflow.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The code transmits customer and contract-related content to an external WeCom webhook, but there is no visible consent, disclosure, data-classification check, or minimization before sending. In a contract-renewal skill, these messages can contain tenant names, room numbers, plan details, and progress data, creating a real data-leakage risk if the webhook is misconfigured, over-broad, or points to an unintended group.

VirusTotal

64/64 vendors flagged this skill as clean.
