Back to skill

Security audit

CMCC Digital Credential

Security checks across malware telemetry and agentic risk

Overview

This skill is coherent for CMCC authorization, but it stores and can expose reusable app credentials and phone-number data in ways users should review before installing.

Install only if you trust this publisher and the CMCC test endpoint. Use limited-scope credentials, avoid showing appKey with the get command, protect or delete memory/cmcc-digital-credential.json after use, rotate the key if it appears in logs, and confirm that sending the phone number to the CMCC authorization service is acceptable for your use case.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill instructs the agent to persist highly sensitive credentials (appId and especially appKey) into a local memory file, but it does not require explicit user consent, secure storage controls, or a warning that the secret will remain on disk for future reuse. In an agent environment, local memory may be readable by other skills, logs, backups, or users on the host, so silent persistence materially increases the risk of credential theft and unauthorized API use.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill directs collection of a user's phone number and transmission of authorization data to an external service, but does not require an explicit privacy notice or consent flow explaining what data is sent, to whom, and for what purpose. Even if HTTPS is used, the omission creates privacy and compliance risk because users may not understand that personal data and authorization metadata are being shared with a third-party endpoint.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script persists sensitive credentials, including appKey, to a predictable JSON file on disk without warning, access control checks, or protective storage measures. If the host is multi-user, backed up, synced, or later inspected, the secret can be exposed and used to impersonate the agent or access associated services.

Missing User Warnings

High
Confidence
99% confidence
Finding
The get command can print the stored appKey directly to stdout, which is dangerous because terminals, shell history, logs, process capture tools, CI systems, and clipboard workflows may expose it unintentionally. A leaked appKey can enable unauthorized use of the credentialed service and full compromise of whatever permissions that key grants.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script accepts the application secret (`--appKey`) and a phone number (`--phoneNo`) directly as command-line arguments, which can expose sensitive credentials and personal data through shell history, process listings, audit logs, and job runners. In a credential-authorization workflow, this context makes the issue more concerning because the data includes both authentication material and PII tied to a sensitive operation.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.