Security audit

Yunlv Cantonfair

Security checks across malware telemetry and agentic risk

Overview

This Canton Fair lead-generation skill is mostly purpose-aligned, but users should review it because it uses an external API and contact data while its data-flow and retention promises are inconsistent.

Install only if you are comfortable providing a TRADEGPT_API_KEY and using Yunlv's API for lead generation. Treat generated lead lists, emails, phone numbers, LinkedIn profiles, buyer scores, and outreach drafts as sensitive data; confirm where they are stored, what is sent to the API, and how retained files are deleted before using it with real prospect data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Severity: High
Confidence: 95%
Finding: The document makes conflicting claims about whether contact information is sent to or handled by the external API. When a skill says sensitive contact data never leaves the local environment but elsewhere states that the API structures and returns contact details, users and auditors cannot reliably assess data exposure, creating a serious privacy and compliance risk.

Intent-Code Divergence

Severity: Medium
Confidence: 92%
Finding: The file claims contact details are not logged or persisted, yet multiple storage-path sections describe saving leads, outreach records, and customer lists locally. This inconsistency can lead to unprotected retention of personal or business contact data, undermining privacy assurances and increasing breach or misuse risk.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding: The trigger list includes generic terms such as '参展商' (exhibitors), '展会数据' (exhibition data), and '展品分类' (exhibit categories) that are broad enough to activate the skill for ordinary trade-show or exhibitor discussions outside the Canton Fair-specific use case. This can cause inappropriate routing, unnecessary exposure of user queries to the external API, and confusion when the agent invokes a specialized third-party skill in contexts the user did not intend.

VirusTotal

63/63 vendors flagged this skill as clean.
Static analysis

No suspicious patterns detected.