Security audit

辩证分析 (Dialectical Analysis)

Security checks across malware telemetry and agentic risk

Overview

The skill performs business analysis, but it can send business topics and constraints to external search providers by default.

Review before installing for confidential strategy, finance, market-entry, or client work. Use it only with topics you are comfortable sending to Tavily, Brave, or DuckDuckGo, modify or disable the default search behavior for sensitive use, use dedicated API keys, and periodically delete the generated local workspace files if retention matters.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium (94% confidence)

Finding
The skill documentation makes a safety claim that it does not execute external scripts, yet elsewhere documents a fallback to the ddg CLI and DuckDuckGo HTML access. This inconsistency can mislead users and reviewers about the actual execution and network behavior of the skill, weakening trust boundaries and potentially causing unsafe deployment assumptions.

Missing User Warnings

Medium (93% confidence)

Finding
The runner transmits user-provided topic and constraint-derived search queries to third-party services without any explicit consent prompt or warning. In a business-analysis context, topics, budgets, market plans, or strategy details may be confidential, so silent sharing with external providers can leak sensitive business information.

VirusTotal

64/64 vendors flagged this skill as clean.
