Back to skill

Security audit

合同规则审阅助手

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it should be reviewed because it uploads sensitive contracts and automatically creates a share link for the review report without a clear opt-in step.

Install only if your organization permits contracts to be uploaded to AnyShare and processed by its review/indexing services. Before running it, confirm the exact file and destination folder, use a least-privileged token, and avoid or revoke generated share links unless sharing the report is explicitly required.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill prominently describes uploading local contracts and generating share links without a clear upfront privacy warning or explicit consent gate. Because contracts commonly contain sensitive commercial and personal data, users may unknowingly transmit confidential files to remote services and expose review outputs more broadly than intended.

Ssd 3

Medium
Confidence
94% confidence
Finding
The feature set explicitly includes generating a share link for the review result, which may contain summarized sensitive contract terms, risks, and confidential business information. Presenting this as a default capability increases the chance of unnecessary disclosure, especially if users assume the output remains private within their workspace.

Ssd 3

Medium
Confidence
95% confidence
Finding
The documented workflow hard-codes share-link generation as a normal terminal step, with no decision point for whether the reviewed contract should be shared at all. For sensitive legal documents, automatic sharing materially increases accidental disclosure risk because it operationalizes publication rather than private processing.

Ssd 3

Medium
Confidence
98% confidence
Finding
The script unconditionally creates and prints a real-name share link for the generated report, regardless of user intent or document sensitivity. This is more dangerous than a mere capability description because it automates disclosure of potentially confidential legal analysis and makes the link immediately visible in output logs or chat history.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
SECURITY.md:37