Security audit

施工建材采招助手-鲁班乐标

Security checks across malware telemetry and agentic risk

Overview

This is a read-only procurement API helper, but it exposes broader company intelligence, contact lookup, competitor analysis, and lead-generation workflows than its narrow construction-material pricing description suggests.

Install only if you want a broad Lubanlebiao/ZLBX procurement-intelligence assistant, not just construction-material price lookup. Use a dedicated API key, watch quota usage, avoid confidential procurement research unless approved, and instruct the agent to ask before expanding company searches or retrieving contact information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Description-Behavior Mismatch

Severity: High
Confidence: 98%
Finding:
The documented APIs materially exceed the declared skill purpose. A construction-material bid assistant is expected to query price trends and top brands, but this file exposes broad enterprise intelligence functions, creating capability drift that can enable undisclosed data collection and broader reconnaissance than users would reasonably expect.

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding:
The contact-discovery function exposes project contact information, including names and phone numbers, which is outside the stated material-pricing use case. That mismatch increases the risk of unauthorized personal-data access, profiling, or social-engineering support under the cover of a benign procurement assistant.

Context-Inappropriate Capability

Severity: Medium
Confidence: 91%
Finding:
Competitor-analysis capability is unrelated to the manifest’s narrow material-price and top-brand assistant role, indicating overbroad access. Such business-intelligence features can be used for reconnaissance on firms and markets beyond the user’s stated task, violating least privilege and user expectations.

Context-Inappropriate Capability

Severity: Medium
Confidence: 90%
Finding:
Potential bidder recommendation for tender projects expands the skill from material-price assistance into procurement targeting and supplier recommendation workflows not disclosed in the manifest. This broadening can facilitate off-scope market intelligence and procurement manipulation risks under a misleading skill description.

Description-Behavior Mismatch

Severity: High
Confidence: 95%
Finding:
The documented APIs only support bid/tender search and expiring project discovery, while the skill manifest says the assistant must query material price trends and top brands/suppliers. This capability mismatch can cause the agent to fabricate outputs, misuse unrelated APIs, or present procurement intelligence as material pricing data, leading to materially incorrect business decisions.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The documentation instructs automatic semantic matching of company names and follow-on queries across headquarters and subsidiaries without user confirmation. This can expand a query to multiple legal entities unexpectedly, causing overcollection, inaccurate attribution, and privacy or compliance issues when users intended to inspect only one company.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding:
The contact lookup feature documents retrieval of project contacts and masked phone numbers without any warning, consent, or access-control discussion. Even partially masked contact data is sensitive in context and can support deanonymization, targeted outreach, or phishing if exposed through an assistant not advertised for contact discovery.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.