
Security audit

VietQR

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent VietQR link generator, with the main caution that generated links can reveal payment details to the external QR image service when opened or previewed.

Install only if you are comfortable using img.vietqr.io to generate payment QR images. Avoid putting unrelated private information in transfer notes, and use raw URLs instead of markdown previews when you want control over whether the external image is fetched.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
86% confidence
Finding
The skill instructs the agent to run a bundled Python script that generates VietQR URLs, and the static analyzer detected network-capable behavior even though the skill declares no permissions. Even if the intended behavior is legitimate, undeclared network access reduces transparency and can enable unexpected outbound requests, data exfiltration, or an undisclosed third-party dependency that receives user-supplied bank, account and payment details. In this context the skill handles financial transfer metadata, which makes hidden or undeclared network use more sensitive than it would be in a purely local utility.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The function constructs a URL to the external service img.vietqr.io and includes sensitive payment metadata such as bank, account number, amount, transfer note, and account holder name in the path/query string. In a skill context, generating or previewing that URL can cause user financial details to be disclosed to a third party and potentially logged by intermediaries, browsers, or chat clients, especially when markdown image rendering fetches the remote image automatically.
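As an added illustration of this finding and of the caution in the overview (example code written for this audit page, not the skill's bundled script and not part of the SkillSpector report): it shows which fields a generated link hands to the external image host, gives an outbound-destination check an agent could apply before fetching, and renders the link as a raw URL rather than a markdown image so the chat client does not fetch it automatically. The exact URL layout (bank and account number in the path, amount, addInfo and accountName in the query string) is an assumption about the skill's output and is not taken from the page.

```python
"""Added example, not the VietQR skill's own code.

The URL layout below (bank and account in the path, amount/addInfo/accountName
in the query) is an ASSUMPTION about what the skill generates.
"""
from urllib.parse import parse_qs, quote, urlencode, urlsplit

# External image service named in the audit; the only host the skill should ever contact.
IMAGE_HOST = "img.vietqr.io"


def build_vietqr_url(bank, account, amount=None, note=None, account_name=None, template="compact"):
    """Assumed shape of the skill's generated link.

    Note that bank and account number sit in the PATH: proxies and CDN logs that
    strip query strings still record them.
    """
    path = f"/image/{quote(bank)}-{quote(account)}-{quote(template)}.png"
    query = {}
    if amount is not None:
        query["amount"] = str(amount)
    if note:
        query["addInfo"] = note          # transfer note: keep unrelated private data out of it
    if account_name:
        query["accountName"] = account_name
    url = f"https://{IMAGE_HOST}{path}"
    return url + ("?" + urlencode(query) if query else "")


def disclosed_fields(url):
    """Everything the image host (and any intermediary) learns when the URL is fetched."""
    parts = urlsplit(url)
    fields = {"host": parts.netloc}
    last = parts.path.rsplit("/", 1)[-1]          # "BANK-ACCOUNT-TEMPLATE.png"
    if last.endswith(".png"):
        pieces = last[:-4].split("-", 2)
        if len(pieces) >= 2:
            fields["bank"], fields["account"] = pieces[0], pieces[1]
    for key, values in parse_qs(parts.query).items():
        fields[key] = values[0]
    return fields


def outbound_allowed(url):
    """Destination allowlist: only HTTPS to the declared image host is acceptable."""
    parts = urlsplit(url)
    return parts.scheme == "https" and parts.netloc == IMAGE_HOST


def render_for_chat(url, auto_fetch=False):
    """Markdown image syntax makes most clients fetch the remote image immediately,
    sending the payment details before the user has seen the link. A raw URL leaves
    the decision to open it with the user.
    """
    if not outbound_allowed(url):
        raise ValueError(f"refusing to emit link to undeclared host: {urlsplit(url).netloc}")
    return f"![VietQR]({url})" if auto_fetch else url


if __name__ == "__main__":
    # Constructed sample input, not real account data.
    link = build_vietqr_url("MB", "0123456789", amount=50000,
                            note="Invoice 42", account_name="NGUYEN VAN A")
    for k, v in disclosed_fields(link).items():
        print(f"{k:12s} -> {v}")
    print(render_for_chat(link))
```

Run it to see the full set of fields the third party receives; the `outbound_allowed` gate is the kind of check the least-privilege finding asks for, since it makes the skill's one legitimate network destination explicit and refuses any other.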

VirusTotal

64/64 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.