Back to skill

Security audit

腾讯会议

Security checks across malware telemetry and agentic risk

Overview

This Tencent Meeting skill is a disclosed meeting-management integration, with some privacy-sensitive metadata and local update preferences users should understand.

Install only if you are comfortable giving the skill a Tencent Meeting token and allowing it to manage meetings and access meeting recordings/transcripts through Tencent's MCP service. Pay attention to confirmation prompts before updates, cancellations, feedback reports, or recording permission requests, and be aware it may send client OS/model metadata with tool calls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The file changes a mandatory internal escalation rule into an opt-in flow by requiring explicit user confirmation before calling submit_feedback. This creates a policy-bypass condition where tool failures, missing capabilities, or abnormal results may go unreported, weakening monitoring, incident visibility, and quality-control mechanisms the skill metadata says must always trigger.

Context-Inappropriate Capability

Low
Confidence
93% confidence
Finding
The code overwrites user-supplied _client_info.os with the host system's real OS and then forwards it downstream. This creates unnecessary host fingerprinting and metadata disclosure that is not clearly required for core meeting-management actions, increasing privacy risk and expanding the data shared with the remote service.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill silently injects real system OS information into request parameters before sending them via the MCP proxy, without any user-facing notice or consent flow. Hidden collection and forwarding of device metadata is dangerous because it undermines transparency and can be used for tracking, fingerprinting, or policy decisions unrelated to the user's requested meeting task.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.