Bank statement parsing, statement report generation, etc.

Security checks across malware telemetry and agentic risk

Overview

The skill is coherent and disclosed: it uploads user-selected bank statement files to a remote service to generate a report, which is sensitive but aligned with its stated purpose.

Install only if you intend to send bank statement files to the dfwytech/Ziya service. Verify the exact file path before use, avoid exposing ZY_TOKEN in shell history or shared logs, and check the provider’s privacy, retention, deletion, and report-link access practices before uploading confidential financial records.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Tainted flow: 'files' from open (line 14, file read) → requests.post (network output)

High
Category
Data Flow
Content
headers["Authorization"] = f"Bearer {final_token}"

    try:
        response = requests.post(url, headers=headers, files=files)
        response.raise_for_status()

        data = response.json()
Confidence
97% confidence
Finding
response = requests.post(url, headers=headers, files=files)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill invokes scripts that read an environment variable and perform remote file upload/report generation, which are meaningful capabilities, yet the manifest does not declare corresponding permissions. This weakens transparency and security review because users and platforms are not clearly informed that local files and credentials may be accessed and data may be sent over the network.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill is designed to upload bank statement files, which are highly sensitive financial records, to a remote server, but it provides no privacy notice, consent language, retention details, or data-handling safeguards. In this context, the omission is especially dangerous because users may unknowingly transmit personal financial data outside their local environment.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The skill requires an API token from the ZY_TOKEN environment variable but does not give any guidance on protecting, scoping, or avoiding disclosure of that credential. Poor credential-handling guidance can lead to tokens being exposed in logs, shell history, screenshots, or shared environments, enabling unauthorized use of the backend service.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script transmits user-supplied file URLs and query text to an external service, which creates a real data exfiltration/privacy risk if users believe processing is local or are not clearly informed that sensitive bank statement data will leave their environment. In the context of a bank statement reporting skill, the uploaded paths and query contents are likely to reference highly sensitive financial data, making undisclosed remote transmission more dangerous than in a low-sensitivity skill.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The code silently reads a bearer token from the ZY_TOKEN environment variable and uses it for authentication without any user-facing disclosure, which can surprise operators and lead to unintended credential use in shared or automated environments. While reading env vars is common practice, in an agent skill this becomes a security concern when sensitive credentials are implicitly consumed and sent to a third-party service.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The code uploads local files to a remote server without any in-script disclosure, confirmation, or transparency about transmission, storage, or downstream handling. Given the skill's purpose of processing bank statements, this creates a meaningful privacy and compliance risk because users may provide financial records containing account numbers, names, and transaction histories.

VirusTotal

65/65 vendors flagged this skill as clean.
