
Security audit

EastMoney Roadshow Digest (Transcript + Summary) | EastMoney Roadshow Minutes Generator

Security checks across malware telemetry and agentic risk

Overview

This skill processes public EastMoney roadshow replays into local transcript and summary files, with a disclosed optional external LLM enhancement step that activates when matching API keys are present in the runtime.

Install only if you are comfortable with public roadshow transcript text being processed by OpenAI, OpenRouter, or Moonshot/Kimi when those API keys exist in the runtime. For local-only processing, run it in an environment without those keys, keep ffmpeg and Python dependencies patched, and review outputs/run_report.md after each run.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill description indicates access to environment variables, file writing, network access, and shell-executed tooling, yet it declares no explicit permissions model. That mismatch creates a transparency and policy-enforcement gap: a host may grant or deny execution based on declared permissions, while the skill can still attempt sensitive operations such as reading API keys, invoking ffmpeg, and sending data over the network.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The code conditionally reads API keys from environment variables and, when present, sends transcripts and metadata to external LLM providers for cleaning, summarization, and brief generation. Even though the source material is public roadshow content, the behavior expands the skill's data flow beyond local processing and is not clearly aligned with the stated reliability-first, bounded replay-processing scope; it also creates confidentiality, compliance, and supply-chain risk if users do not expect third-party transmission.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The manifest describes a reliability-first skill for validated public replay URLs and bounded transcript generation, but the implementation adds optional LLM-driven transcript rewriting and summarization. That mismatch matters because users may trust the tool to stay within deterministic/local processing boundaries while it can instead introduce nondeterministic remote processing and external data sharing.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The LLM request path transmits transcript content and metadata to third-party APIs without any visible consent prompt or warning in this file. Hidden external transmission is a real security/privacy issue because operators may unknowingly expose processed content, metadata, and workflow details to external services simply by having provider credentials set in the environment.

Ssd 3

Medium
Confidence
95% confidence
Finding
The skill allows transcript or cleaned transcript content to be sent to external model services automatically whenever provider keys are detected in the environment. This is a real data disclosure risk because the decision is based on key presence rather than explicit user consent or a data-classification check, so collected content may leave the local environment unexpectedly.

Ssd 3

Medium
Confidence
96% confidence
Finding
This repeated guidance reinforces automatic external transmission of transcript-derived content whenever compatible provider keys exist, normalizing disclosure without affirmative approval. Even if the source page is public, transcripts, cleaned text, and derived summaries may still be sensitive in some deployments, and auto-routing them to third parties expands exposure and compliance risk.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.