Security audit

Social Security Rights

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed social-security rights guide with a local calculator, with no hidden access, network behavior, or persistence found.

Before installing, treat this as general legal-information assistance, not legal advice. Verify current local social-security rates, time limits, and complaint procedures with 12333, 12348, a local agency, or a qualified lawyer before relying on generated calculations or taking action.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Tp4

High

Category: MCP Tool Poisoning
Confidence: 95% confidence
Finding: 这是描述与实际行为不符的情况。描述声称该技能可处理社保断缴/漏缴等多类场景，并提供全国范围的违法研判、查询指引、维权路径对比、材料清单生成、经济补偿计算等广泛功能；但代码仅实现了一个静态的社保补缴金额计算器，支持少数城市费率、计算单位/个人补缴与滞纳金并输出报告。虽然该计算功能属于描述中“经济补偿计算/补缴辅助”的一部分，但代码的实际能力远窄于声明的核心用途，技能的主要目的与描述存在实质性差异，因此应判定为 mismatch。

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal