Back to skill

Security audit

Payroll Data Audit

Security checks across malware telemetry and agentic risk

Overview

This payroll audit skill is mostly coherent, but it requires uploading sensitive payroll reports to Feishu and has audit-report consistency problems that users should review carefully.

Install only if your organization explicitly approves sending payroll audit artifacts to Feishu through the current user's account. Review and limit Feishu permissions, confirm the destination tenant and sharing settings, avoid running mandatory delivery on real payroll data until redaction and approval gates are added, and independently verify any generated report before using it for payroll release decisions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (37)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
def run_cmd(cmd: str, cwd: str = None) -> dict:
    """Run a shell command and return {ok, stdout, stderr}"""
    result = subprocess.run(
        cmd, shell=True, cwd=cwd,
        capture_output=True, text=True, timeout=120
    )
Confidence
96% confidence
Finding
result = subprocess.run( cmd, shell=True, cwd=cwd, capture_output=True, text=True, timeout=120 )

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
Making Feishu upload and document creation part of the documented workflow introduces external dissemination of payroll audit artifacts, which likely contain sensitive employee compensation information. In this context, mandatory delivery to a third-party platform materially increases confidentiality and compliance risk.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The skill broadens its function from payroll audit into collaboration-platform automation without a strong purpose limitation. That expansion is risky because it adds an unnecessary exfiltration path and increases attack surface beyond what is required to perform payroll validation.

Intent-Code Divergence

High
Confidence
92% confidence
Finding
The documentation contains conflicting control-flow guarantees: one section says red-line findings block further processing, while others state the full pipeline always generates outputs and delivery is mandatory. For a payroll system, this inconsistency can cause blocked or noncompliant data to still be packaged and potentially shared, defeating the stated safety gate.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The file reports substantial blue-line trigger counts (e.g., 131, 169, 326) while the embedded judgment metadata for those same rules says triggered=0 and verdict='通过'. This inconsistency can suppress or mislead downstream review, dashboards, or blocking logic, creating an integrity flaw in payroll audit results where anomalous compensation changes may be incorrectly treated as clean.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The footer states the report was generated by payroll-data-audit v5.1 and aligned to SOP v1.0, while the skill metadata claims v7.2 and full 6-step SOP alignment. In a payroll audit context, this version/provenance mismatch can mislead reviewers about which rule set actually produced the report, undermining audit integrity, traceability, and change-control decisions.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The report labels multiple 黄线 findings as 🔴 [红线], which directly contradicts the summary table and changes the perceived severity of payroll exceptions. In a payroll-audit skill, severity labels drive approval/blocking decisions, so this can cause improper escalation, rejected payroll runs, or operator confusion during review.

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The visualization renders 黄线 exceptions using red/redline styling, creating a misleading visual signal that overstates issue severity. While this is primarily an integrity/UI issue, in an audit workflow it can bias reviewers and support wrong operational decisions even when the underlying counts are correct.

Intent-Code Divergence

Medium
Confidence
91% confidence
Finding
The report claims that every audit conclusion has supporting data, but many rows omit the rule name, rule description, or rule ID while still presenting pass/warning/block outcomes. In a payroll-audit context, this undermines traceability and creates a real integrity risk: operators may trust or act on blocking/compliance results they cannot independently verify, potentially leading to wrongful payroll decisions or concealment of faulty logic.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The report marks multiple blue-line sections as '✅ 通过' with trigger count 0, yet still lists '触发人员' beneath them. In a payroll audit context, contradictory pass/fail semantics can mislead reviewers into approving anomalous payroll data or overlooking records that require investigation, undermining trust in the audit output.

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The '问题清单' states there are 0 issues even though the same report shows 141 red-line and 154 yellow-line exceptions, including a blocking RL-007 failure. In a pre-payroll control workflow, this inconsistency can cause downstream approvers to miss actionable exceptions and proceed with salary issuance despite unresolved high-risk anomalies.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The delivery artifact explicitly contains Feishu document and file URLs for payroll audit outputs, indicating the skill distributes sensitive payroll analysis results to an external cloud collaboration platform. Payroll data is highly sensitive HR/financial information, and publishing links as part of normal operation expands data exposure beyond the stated auditing function and can create unauthorized disclosure risk if access controls, tenancy boundaries, or link sharing settings are weak.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
This file shows the skill has cloud distribution capability in addition to local payroll auditing, including uploading multiple result files and generating externally accessible references. In the payroll context, this materially increases the attack surface because sensitive employee compensation data may leave the intended processing boundary without a clearly justified business need or user-approved data handling policy.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The report claims it is fully aligned with the SOP and automatically generated, but the body contains obvious inconsistencies, including contradictory rule outcomes and implausible aggregate results. In a payroll-audit skill, this can mislead operators into trusting a materially incorrect compliance report and making payroll release or blocking decisions on false premises.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The '审核结论与数据支撑' section presents reassuring statements that conflict with the tabular results, including describing abnormal or blocked conditions as passed or reasonable. This is dangerous because users may rely on the narrative summary over raw tables, causing approval of incorrect payroll, missed investigations, or concealment of red-line exceptions.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The page footer claims the data source is an external JSON file, but the actual payroll audit dataset is embedded directly in the HTML script. This increases accidental exposure risk because sensitive employee audit data is shipped with the page source and becomes accessible to anyone who can view or save the HTML, bypassing expectations about controlled data loading.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The report shows blue-line rules as '✅ 通过' while simultaneously listing '触发人员', creating materially contradictory output in an audit artifact. In a payroll-audit context, such inconsistencies can mislead reviewers, suppress follow-up, or cause incorrect approval/rejection decisions based on an untrustworthy report.

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The report states '问题清单(0 项)' despite earlier sections showing 141 red-line and 154 yellow-line anomalies, which is a severe integrity failure in a control report. In payroll review workflows, this can directly hide actionable exceptions and enable erroneous payroll release or noncompliant payments.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The report labels a column as '通过率' but shows 100.0% even for rules with very large anomaly counts, such as BR-001/BR-002/BR-003. In a payroll-audit skill, this is dangerous because operators may trust the displayed rate and approve payroll despite widespread failures, turning a reporting defect into a business-control bypass.

Intent-Code Divergence

Medium
Confidence
91% confidence
Finding
The narrative section states '总额环比正常' while the detailed comparison table marks some related indicators as '⚠️ 需分析', creating contradictory guidance in the same report. In an audit workflow, inconsistent conclusions can mislead reviewers into overlooking abnormal payroll changes or assuming issues were already cleared.

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The report states '问题清单(0 项)' while the same document clearly shows 141 red-line blockers and 154 yellow-line warnings, plus named triggered personnel. In a payroll-audit skill, this inconsistency can mislead operators into believing there are no actionable issues, causing approval or distribution of incorrect payroll results despite known blocking exceptions.

Description-Behavior Mismatch

Medium
Confidence
84% confidence
Finding
This skill is positioned as a payroll audit tool, but this script adds outbound file-delivery capability to Feishu, enabling transfer of sensitive payroll artifacts outside the local audit boundary. In a payroll context, automatic exfiltration features are materially sensitive because the files likely contain salary and employee data.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The script reaches an external system by invoking a CLI to upload files and import documents, which expands the skill from audit/analysis into networked data transfer. Because the processed artifacts are payroll-related, this increases the risk of unauthorized disclosure if triggered in the wrong context or with the wrong operator assumptions.

Intent-Code Divergence

High
Confidence
93% confidence
Finding
The script advertises an independent cross-check against the original audit result, but the loaded audit JSON is never used. In a payroll-audit skill, this can create false assurance: operators may trust a 'secondary verification' report that never validated the prior audit output, allowing erroneous or manipulated audit results to pass undetected.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
Automatic upload and message generation for payroll audit outputs are described without a clear privacy notice, data-handling constraints, or sensitivity warning. Because payroll data is highly sensitive, omitting those safeguards can lead to unauthorized disclosure, policy violations, or unsafe operator assumptions about where data remains.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.