Medical Device and Consumables Sourcing - 医疗器械招标网 (Medical Device Tendering Network)

Security checks across malware telemetry and agentic risk

Overview

The skill is instruction-only (no bundled code), but the API surface it documents is broader than its medical-device sourcing description: it also covers business-intelligence and contact-lookup workflows.

Review before installing. Use this only if you want a broad Chinese procurement-intelligence integration, not just medical-device sourcing. Configure a dedicated API key, avoid sending confidential sourcing plans unless you trust the provider, and instruct the agent to ask before expanding company scope or retrieving contact information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (11)

Description-Behavior Mismatch

Severity: High
Confidence: 92%
Finding
The documented APIs substantially exceed the declared purpose of medical-device sourcing, pricing trends, and brand analysis by exposing broad company-intelligence capabilities. This creates unnecessary access to unrelated business data and increases the chance of data misuse, over-collection, and off-purpose surveillance beyond user expectations.

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding
The contact-lookup API exposes project contact information that is not justified by the skill's stated purpose of sourcing medical devices and analyzing bids. Even if partially masked, contact data is sensitive: it can facilitate unwanted outreach, profiling, or targeted social engineering (for example, phishing that references a live tender) against procurement personnel.

Context-Inappropriate Capability

Severity: Medium
Confidence: 89%
Finding
Competitive-intelligence and potential-bidder recommendation features go beyond the manifest’s narrow sourcing purpose and enable strategic market profiling unrelated to simple device price or brand lookup. This broadens the skill into business intelligence and vendor targeting, increasing abuse potential and violating least-privilege expectations.

Description-Behavior Mismatch

Severity: Medium
Confidence: 93%
Finding
The documented APIs expose broad procurement intelligence functions such as top purchasers, top suppliers, and generic market aggregation that go beyond the manifest’s stated medical-device sourcing behavior. This creates scope creep: an agent instructed to use this skill for medical-device brand/model lookups could instead access wider business intelligence features, increasing the chance of unauthorized or privacy-sensitive competitive analysis and misuse outside the declared purpose.

Description-Behavior Mismatch

Severity: Medium
Confidence: 89%
Finding
The inclusion of top purchaser and top supplier analytics is inconsistent with the manifest’s required behavior, which focuses on querying specific medical-device brands, models, consumables, pricing trends, and brand analysis. This mismatch can enable an agent to collect broader organization- and supplier-level intelligence than users would reasonably expect from the skill description, creating an over-privileged capability surface.

Description-Behavior Mismatch

Severity: High
Confidence: 96%
Finding
The documented APIs provide broad bid-search and tender intelligence functionality, but the manifest claims a narrowly scoped medical-device sourcing skill with mandatory price-trend and brand-analysis outputs. This mismatch can mislead downstream agents into using generic procurement data as if it were validated medical-device pricing intelligence, causing overcollection of unrelated data, incorrect decisions, and scope bypass.

Context-Inappropriate Capability

Severity: Medium
Confidence: 89%
Finding
The expiring-project and opportunity-mining features extend beyond the stated purpose of medical-device sourcing and can be repurposed for competitive intelligence or sales targeting. In a skill presented as a procurement lookup tool, this hidden or under-disclosed capability increases the risk of unauthorized business profiling and policy-violating use.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding
The skill description says it 'must' be invoked whenever users query specific medical-device brands, models, or consumables, and also 'forces' use of the price-trend and brand-analysis interfaces. That broad, mandatory trigger can cause over-activation and unnecessary external data access, especially when a user did not ask for procurement intelligence or when narrower, local reasoning would suffice.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The skill instructs the agent to read `ZLBX_API_KEY` from the environment or config and send authenticated POST requests to an external service, but it does not require transparent user notice or consent at the point of use. This creates a real risk of silent, credential-backed data egress: user queries, or the sensitive business intent derivable from them, are transmitted off-platform without clear disclosure.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The documentation instructs automatic expansion from a shorthand company name to all matching headquarters and subsidiaries without user confirmation. This can silently broaden query scope, produce unintended aggregation across entities, and expose more organizational data than the user specifically requested.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The skill documents contact-information retrieval without any privacy warning, consent guardrail, or purpose limitation in the skill description. That omission makes misuse more likely because users and integrators are not alerted that personal or quasi-personal contact data may be surfaced.
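The overview's recommendations (a dedicated API key, asking before expanding company scope or retrieving contacts, not sending confidential sourcing plans) and the three Missing User Warnings findings above describe controls the skill itself does not provide. The following Python is an added example of a host-side policy gate that enforces them before any tool call reaches the external service; it is not code from SkillSpector or from the scanned skill. The tool names, per-tool field allowlists and API host are hypothetical, because the report does not list the skill's real endpoints; only the `ZLBX_API_KEY` environment variable name is taken from the report.

```python
"""Policy gate for an agent skill that POSTs to an external procurement API.

Added example (not the scanned skill's code). Tool names, field allowlists and
the API host are hypothetical; ZLBX_API_KEY is the env var named in the report.
"""
import os
from dataclasses import dataclass, field
from enum import Enum


class Scope(Enum):
    DEVICE_SOURCING = "device_sourcing"      # the skill's declared purpose
    COMPANY_EXPANSION = "company_expansion"  # shorthand name -> HQ + subsidiaries
    CONTACT_LOOKUP = "contact_lookup"        # project contact data
    MARKET_INTEL = "market_intel"            # top purchasers/suppliers, bidder recommendations


# Hypothetical tool names mapped to the scope they fall under.
# Anything not listed here is denied (default deny).
TOOL_SCOPES = {
    "device_price_trend": Scope.DEVICE_SOURCING,
    "brand_analysis": Scope.DEVICE_SOURCING,
    "expand_company": Scope.COMPANY_EXPANSION,
    "project_contacts": Scope.CONTACT_LOOKUP,
    "top_purchasers": Scope.MARKET_INTEL,
}

# Only these request fields leave the platform for each tool; anything else the
# agent attaches (budget ceilings, internal notes, sourcing plans) is stripped.
ALLOWED_FIELDS = {
    "device_price_trend": {"brand", "model", "months"},
    "brand_analysis": {"brand"},
    "expand_company": {"company"},
    "project_contacts": {"project_id"},
    "top_purchasers": {"category", "months"},
}

# Scopes outside the declared purpose need an explicit user confirmation per call.
CONFIRM_SCOPES = {Scope.COMPANY_EXPANSION, Scope.CONTACT_LOOKUP, Scope.MARKET_INTEL}


@dataclass
class Decision:
    allowed: bool
    reason: str
    payload: dict = field(default_factory=dict)   # what would actually be POSTed
    stripped: list = field(default_factory=list)  # fields withheld from egress
    notice: str = ""                              # user-facing disclosure


@dataclass
class SkillGuard:
    api_host: str
    key_env: str = "ZLBX_API_KEY"
    env: dict = field(default_factory=lambda: dict(os.environ))
    confirmed: set = field(default_factory=set)   # scopes the user approved, consumed on use
    audit: list = field(default_factory=list)     # (tool, allowed, reason) trail

    def confirm(self, scope: Scope) -> None:
        """Record one explicit user approval for an off-purpose scope."""
        self.confirmed.add(scope)

    def evaluate(self, tool: str, args: dict) -> Decision:
        scope = TOOL_SCOPES.get(tool)
        if scope is None:
            return self._log(tool, Decision(False, f"unknown tool {tool!r}: default deny"))
        if scope in CONFIRM_SCOPES and scope not in self.confirmed:
            return self._log(tool, Decision(
                False, f"{scope.value} is outside the declared purpose; ask the user first"))
        if not self.env.get(self.key_env):
            return self._log(tool, Decision(
                False, f"{self.key_env} is not set; configure a dedicated key for this skill"))
        allowed = ALLOWED_FIELDS[tool]
        payload = {k: v for k, v in args.items() if k in allowed}
        stripped = sorted(k for k in args if k not in allowed)
        # A confirmation covers exactly one call; the next one must be asked for again.
        self.confirmed.discard(scope)
        notice = (f"Sending fields {sorted(payload)} to {self.api_host}, "
                  f"authenticated with {self.key_env}")
        return self._log(tool, Decision(True, "in scope", payload, stripped, notice))

    def _log(self, tool: str, decision: Decision) -> Decision:
        self.audit.append((tool, decision.allowed, decision.reason))
        return decision


if __name__ == "__main__":
    # Constructed walk-through: the host is a placeholder, not the real service.
    guard = SkillGuard(api_host="api.example.invalid", env={"ZLBX_API_KEY": "dedicated-key"})
    print(guard.evaluate("device_price_trend",
                         {"brand": "X", "model": "Y", "months": 12, "internal_budget": 9}))
    print(guard.evaluate("project_contacts", {"project_id": "p1"}))   # denied until confirmed
    guard.confirm(Scope.CONTACT_LOOKUP)
    print(guard.evaluate("project_contacts", {"project_id": "p1"}))   # allowed once
    print(guard.audit)
```

The gate sits between the agent and the HTTP client: the agent proposes a tool call, `evaluate` returns the minimized payload and a disclosure string to show the user, and the caller only performs the POST when `allowed` is true. Confirmation is consumed per call so that one approval of a contact lookup cannot silently authorize a second, and the audit trail records every denied attempt, which is the signal an operator wants when reviewing a skill with this many off-purpose capabilities.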

VirusTotal

65/65 vendors flagged this skill as clean.