vietnamese-contract

Security checks across malware telemetry and agentic risk

Overview

This skill is a Vietnamese legal-document drafting tool with disclosed optional ID-card OCR, so it is usable but requires care with sensitive identity data.

Install only if you need Vietnamese legal-document drafting and are comfortable with optional processing of CCCD/CMND details. Use a virtual environment for OCR dependencies, avoid real ID images unless necessary, confirm before sending extracted text to any AI model, and have important contracts reviewed by a qualified lawyer.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (10)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill instructs the agent to run shell commands such as npm, pip, python, pandoc, and file-copy operations, but no explicit permissions are declared. This creates a capability/permission mismatch that can cause the agent to execute local commands unexpectedly, increasing the risk of unauthorized package installation, filesystem writes, and command abuse if the skill is invoked automatically.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The public description presents the skill as a contract drafting tool, but the body also performs OCR and extraction of CCCD/CMND identity data, including image processing and JSON export. That mismatch is dangerous because users and orchestrators may invoke the skill without realizing it processes highly sensitive personal data, preventing informed consent and proper privacy controls.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
This file adds a full OCR pipeline for extracting and normalizing CCCD identity data, which materially expands the skill from contract drafting into collection and processing of highly sensitive government ID information. In the context of a legal-document skill, that creates unnecessary exposure of personal data and increases the chance of over-collection, prompt leakage to external models, and misuse of identity attributes beyond what is strictly required for drafting.

Intent-Code Divergence

Low
Confidence
82% confidence
Finding
The guide gives a reassuring security claim that CCCD images are not sent to the internet, but elsewhere instructs a first-run model download, which can mislead users about network behavior and privacy assumptions. Even if the image itself is not uploaded, inaccurate security messaging around identity-document handling is risky because users may consent based on an incomplete understanding of external connectivity and data exposure.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The file implements OCR extraction of Vietnamese national ID cards and outputs personal identity fields, but the skill manifest describes contract and legal-document drafting with DOCX generation. This mismatch materially expands the skill's capability into sensitive identity-data processing, which can enable undisclosed collection of government-ID data and surprise users or downstream systems that rely on the manifest for trust and scope.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The code parses and labels highly sensitive PII from CCCD/CMND images, including full name, ID number, date of birth, residence, and issuance metadata, without a clear need tied to the declared contract-drafting purpose. In this skill context, hidden or unjustified identity extraction is especially dangerous because it creates a covert data-harvesting path for government-ID information that could be abused for fraud, profiling, or unauthorized storage.

Vague Triggers

High
Confidence
90% confidence
Finding
The activation text says to always use this skill for virtually any mention of contracts, agreements, NDAs, appendices, minutes, or related legal writing, even when the request is ambiguous. Overbroad triggering can cause the agent to enter a high-risk workflow involving shell commands, web lookup, file generation, and optional ID processing when the user may only want simple advice or translation.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill directs collection and AI-assisted processing of CCCD/CMND data, including OCR extraction, correction, normalization, and JSON output, but does not require an explicit consent notice before handling this highly sensitive identity information. Even though it mentions offline OCR and not storing images, the workflow still processes personal data and may send extracted text to an AI model, creating privacy, compliance, and misuse risks.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script processes and prints highly sensitive identity data directly to stdout with no explicit warning, masking, or guidance about privacy risks. In shared terminals, logs, transcripts, or agent execution environments, this can expose government-ID information to unauthorized viewers or logging systems even when the user did not expect such disclosure.
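The two Missing User Warnings findings above (extracted text possibly reaching an AI model without consent, and raw identity fields printed to stdout) share one mitigation: redact the record by default and release the unmasked copy only on an explicit consent flag. The following is an added example written for this page, not code from the skill; the JSON field names are an assumed schema, since the skill's actual output layout is not shown here, and the sample record is constructed with placeholder values.

```python
"""Added example (not the skill's own code): redact CCCD/CMND fields before
they reach stdout, a transcript, or a remote AI model, and release the raw
record only on an explicit consent flag.

The field names below are an assumed schema; the skill's real JSON layout is
not shown on this page.
"""
import json
import re

# Constructed sample record with placeholder values (not a real person).
SAMPLE_RECORD = {
    "id_number": "012345678901",       # 12-digit CCCD format
    "full_name": "NGUYEN VAN A",
    "date_of_birth": "01/01/1990",
    "residence": "123 Duong ABC, Phuong X, Quan Y, Ha Noi",
    "issue_date": "15/06/2021",
    "issue_place": "Cuc Canh sat QLHC ve TTXH",
}


def mask_id_number(value: str) -> str:
    """Keep the last three digits of a 9-digit CMND or 12-digit CCCD number."""
    digits = re.sub(r"\D", "", value)
    if len(digits) not in (9, 12):
        raise ValueError(f"unexpected ID number length: {len(digits)}")
    return "*" * (len(digits) - 3) + digits[-3:]


def mask_date(value: str) -> str:
    """Reduce a dd/mm/yyyy date to its year; day and month are masked."""
    m = re.fullmatch(r"(\d{2})/(\d{2})/(\d{4})", value)
    if not m:
        raise ValueError(f"unexpected date format: {value!r}")
    return f"**/**/{m.group(3)}"


def initials(name: str) -> str:
    """Collapse a full name to initials, e.g. 'NGUYEN VAN A' -> 'N.V.A.'."""
    return "".join(part[0] + "." for part in name.split())


def redact(record: dict) -> dict:
    """Return a copy of the record that is safe to print or send to a model.

    Direct identifiers are masked; issuance metadata is not a direct
    identifier on its own and is passed through unchanged. The input dict
    is not mutated.
    """
    out = dict(record)
    if "id_number" in out:
        out["id_number"] = mask_id_number(out["id_number"])
    if "date_of_birth" in out:
        out["date_of_birth"] = mask_date(out["date_of_birth"])
    if "full_name" in out:
        out["full_name"] = initials(out["full_name"])
    if "residence" in out:
        out["residence"] = "[REDACTED]"
    return out


def export_json(record: dict, consent: bool = False) -> str:
    """Serialise the record for output.

    Without consent=True the caller only ever sees the redacted copy, so a
    script that forgets to ask for consent cannot print the raw card data.
    """
    payload = record if consent else redact(record)
    return json.dumps(payload, ensure_ascii=False, indent=2)


if __name__ == "__main__":
    # Default path: what an agent transcript or a shared terminal would see.
    print(export_json(SAMPLE_RECORD))
```

The design point is that the unsafe path is opt-in: `export_json` defaults to the redacted copy, so an orchestrator that invokes the skill automatically (see the Vague Triggers finding) gets masked output unless a human has explicitly passed `consent=True`. Malformed ID numbers and dates raise rather than being passed through, so an OCR misread cannot leak an unmasked value.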

Missing User Warnings

Low
Confidence
77% confidence
Finding
The script indicates that the first run will download an OCR model, but it does not clearly disclose that network access and third-party artifact retrieval may occur as part of execution. In restricted or privacy-sensitive environments, undisclosed downloads can violate user expectations, policy, or supply-chain controls, though the direct security impact here is limited compared with the PII issues.

VirusTotal

0 of 64 vendors flagged this skill; all 64 reported it clean. A clean antivirus verdict covers known-malicious code only and does not address the identity-data handling, undeclared shell commands, or first-run model download described in the findings above.
