Back to skill

Security audit

Ai Policy Brief

Security checks across malware telemetry and agentic risk

Overview

This skill appears to run a disclosed public web crawler to produce AI policy briefs, with no evidence of credential access, persistence, destructive actions, or private-data collection.

Install this only if you are comfortable with the agent running the included Python crawler and contacting public websites. Treat media and smartcity.team results as supplemental leads, verify important policy conclusions against official government sources, and prefer pinned dependency versions in controlled environments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
82% confidence
Finding
The output instructions broaden the scope from the stated coverage to nationwide non-Guangdong policy summaries and trend analysis. Scope expansion matters because it changes both the data collection surface and the trust model, causing the skill to gather and synthesize more information than users would reasonably expect from the description.

Context-Inappropriate Capability

High
Confidence
95% confidence
Finding
The skill instructs the AI to invoke a general-purpose exec tool to run a local Python script. Granting shell-like execution is materially more powerful than a simple briefing workflow and can be abused if the script, its path, or surrounding environment is modified, leading to arbitrary local command execution under the agent's context.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The skill metadata says it aggregates official AI policy updates from national, Guangdong, and Guangzhou government sources, but the implementation also collects from broad media outlets and an industry website. This creates a scope-integrity problem: downstream users may trust the output as official policy intelligence when it actually mixes in unofficial interpretation, commentary, or commercial content, increasing the risk of misleading analysis and decisions.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
Including a commercial/industry policy site in a skill presented as tracking official government policy introduces unvetted third-party content into a trusted policy pipeline. If this output feeds briefs or automated summaries, the industry source could bias, misstate, or fabricate policy interpretations that are then presented with undue authority.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill directs automatic command execution and live web crawling without a user-facing warning or consent step. Even if the intended task is benign, silently running local code and contacting external sites reduces informed consent and can surprise users, especially in environments where command execution is sensitive.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.