Work Order Dispatch and SLA Monitoring (工单分派与SLA监控)

Security checks across malware telemetry and agentic risk

Overview

This skill is for real work-order automation, but it asks an agent to automatically read and modify a live local Excel ledger and broadcast detailed work-order information without enough access-control or data-handling limits.

Install only in an environment where the agent is authorized to access and modify the named workbook and send WeCom messages. Before use, move the workbook path and webhook into controlled configuration, restrict who can create/query/update work orders, define notification recipients, redact personal or sensitive details where possible, add backups/audit logging, and fix the feedback schema before enabling writes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium (84% confidence)
Finding
The skill claims a narrower purpose centered on dispatch and SLA tracking, but it also writes customer feedback data and sends related notifications. This scope expansion matters because it introduces additional processing of potentially identifiable user data without corresponding disclosure, schema controls, or access restrictions.

Intent-Code Divergence

Medium (94% confidence)
Finding
The document states the worksheet has 13 fields, but the feedback function writes to additional columns for customer rating and comments. This mismatch can cause silent schema drift, data corruption, writes into unintended columns, or accidental exposure if downstream consumers assume the original fixed structure.

Missing User Warnings

Medium (89% confidence)
Finding
The skill automatically sends work-order details through WeCom notifications and escalation messages, including location, reporter, and problem description, but it provides no privacy warning or disclosure of data sharing. In a real facilities environment, these details can expose identifiable operational and personal information to broader audiences than necessary, especially with @all escalation.

Missing User Warnings

Medium (95% confidence)
Finding
The skill reads from and updates a real local Excel file at an absolute path containing identifiable work-order records, yet the documentation gives no warning about local sensitive data access or modification. In context, this is more dangerous because the file appears to be a live operational ledger on a user workstation, so misuse could disclose or alter production maintenance records.

Missing User Warnings

Low (86% confidence)
Finding
The manual trigger '检查工单状态' ("check work order status") is presented as generally available, but it returns detailed work-order information to whoever invokes it. Without an access-control or privacy warning, unauthorized users may obtain locations, issue descriptions, assignees, and status information that should be limited to support staff or managers.

VirusTotal

65/65 vendors flagged this skill as clean.