Security audit

Bank Statement Reconciler

Security checks across malware telemetry and agentic risk

Overview

This skill performs bank reconciliation, but it should be reviewed carefully because it handles sensitive financial files with under-disclosed PDF parsing, Feishu sharing language, and local report persistence.

Install only after reviewing how it will access input files and where reports will be stored. Prefer testing with non-production data first, avoid PDF inputs unless you trust and can isolate the external parser, and do not send Feishu cards containing real bank or customer data until the publisher documents the exact sharing and retention behavior.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (5)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 90% confidence
Finding: The skill describes reading uploaded bank statements and orders, exporting Excel output, and potentially invoking additional tooling, but it declares no permissions despite capabilities implying file read, file write, and shell access. In a financial-reconciliation context, undeclared capabilities are dangerous because they can enable silent access to sensitive statements, local files, or command execution without clear user consent or policy controls.

Context-Inappropriate Capability

Medium

Confidence: 77% confidence
Finding: The skill processes user-supplied PDFs by handing them to an external CLI parser, which expands the trust boundary beyond simple file parsing. If the parser binary has a vulnerability or unsafe behavior, attacker-controlled PDFs could trigger code execution, excessive resource use, or data exposure in the host environment.

Context-Inappropriate Capability

Medium

Confidence: 77% confidence
Finding: Order/invoice PDF parsing uses the same external CLI on attacker-controlled files, creating the same elevated attack surface. In a reconciliation skill that invites arbitrary uploads, this increases risk because malformed or malicious documents are a realistic input vector.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The README advertises Feishu integration for reconciliation workflows but does not disclose whether bank statement contents, transaction metadata, or reconciliation results may be sent to Feishu. In a finance-oriented skill handling sensitive banking and order data, omission of third-party data-sharing behavior can lead users to expose confidential financial information without informed consent or appropriate compliance review.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: This skill processes highly sensitive financial data, including bank statements, payment platform exports, and invoices, and it also supports pushing results to Feishu. Without clear warnings, consent language, or data-handling disclosures, users may unknowingly transmit confidential financial information to external services or broader audiences, increasing the risk of privacy breaches, compliance violations, and unauthorized disclosure.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.