Security audit

Yunlv Contract Draft

Security checks across malware telemetry and agentic risk

Overview

This contract drafting skill is purpose-aligned, but it needs review because sensitive contract details may be sent to an external API and retained locally under unclear controls.

Install only if you are comfortable using Yunlv TradeGPT for confidential contract drafting. Use a dedicated API key, avoid submitting unnecessary bank details, signatures, or counterparty secrets, confirm the provider's retention/privacy terms, and clean up local drafts, signed copies, reviews, and logs after use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Intent-Code Divergence

Severity: High. Confidence: 98%.
The skill claims contract data is 'not stored on third-party servers' while also authorizing calls to an external TradeGPT API to generate or analyze contract content. Even if the API only processes data transiently, sending sensitive contract text to a third party contradicts the privacy statement and can expose commercially sensitive terms, counterparties, pricing, and banking details.

Description-Behavior Mismatch

Severity: Medium. Confidence: 91%.
The manifest presents the skill as a drafting/review tool, but the security section defines persistent storage for drafts, signed contracts, reviews, and logs. This expands the data-handling footprint to include sensitive legal and commercial records, increasing exposure to local compromise, over-retention, and accidental access beyond what users may reasonably expect from the description.

Vague Triggers

Severity: Medium. Confidence: 88%.
The trigger list includes generic terms such as 'contract', 'MOU', and 'NDA', which can match ordinary conversation and invoke the skill unexpectedly. In this skill's context, accidental activation is more dangerous because the workflow may process or store highly sensitive contract text and send it to an external API.

Missing User Warnings

Severity: Medium. Confidence: 95%.
The skill allows writing drafts, signed contracts, reviews, and logs to local storage, but the user-facing description does not clearly warn that sensitive contract data may be retained on disk. For contracts, this can include counterparties, pricing, bank details, dispute terms, and signatures, making silent local persistence a meaningful privacy and confidentiality risk.

Vague Triggers

Severity: Medium. Confidence: 90%.
The trigger list includes the very broad English term "contract", which can match many unrelated user requests and cause the skill to activate outside its intended scope. Because this skill handles sensitive commercial/legal drafting, unintended activation increases the chance that users may disclose confidential contract text or receive third-party-generated legal-style output when they did not explicitly request this tool.

Missing User Warnings

Severity: Medium. Confidence: 96%.
The manifest declares an external API and required API key for generating and analyzing contract content, but provides no user-facing disclosure that uploaded contract text may be transmitted to a third-party service. In this context, the data is likely to include confidential business terms, counterparties, pricing, and risk allocations, so silent transmission creates meaningful privacy, confidentiality, and compliance risk.

VirusTotal

63/63 vendors flagged this skill as clean.