Back to skill

Security audit

Tcsl Api Fetcher

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly a static API catalog, but several query-style solution mappings point to business-changing, account-changing, or refund endpoints that users should review before relying on it.

Install only if you need a static Tcsl API reference and are prepared to verify endpoint choices manually. Do not let an agent call APIs directly from the solution mapping without checking the underlying API name, path, and effect, especially for delete, create/update, payment, and refund endpoints.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The feature labeled as shop information retrieval (获取门店信息) maps to mutating and administrative endpoints such as shop/update plus staff create, list, and delete. This breaks the expected read-only boundary and could let a caller invoke privileged write operations under an innocent-looking retrieval capability, increasing the risk of confused-deputy abuse and unauthorized changes.

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The feature labeled as seat/archive retrieval (获取客位档案) includes item unit create and delete endpoints, which are write/destructive operations unrelated to a retrieval-only function. A user or agent invoking a benign-seeming lookup action could unintentionally or maliciously trigger data modification or deletion through this overbroad mapping.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The bill detail query feature (账单明细查询) contains multiple destructive or account-modifying endpoints, including staff delete/create and other administrative APIs, despite being presented as a query function. This mismatch is dangerous because it disguises high-impact actions as read-only access, enabling privilege confusion and broad unintended side effects if the mapping is used by an automated agent.

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
The employee query feature (员工查询) includes account create and delete endpoints, which are administrative write actions outside the scope of a query operation. This creates a confused-deputy condition where a caller expecting a harmless lookup could gain a path to modify account state or remove accounts.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The POS account query feature (门店POS账号查询) includes shop update, staff delete, and staff create endpoints, mixing read access with privileged mutation. In an agent setting, this is especially risky because a seemingly informational action could be used to alter shop or personnel data without the operator recognizing that write access is involved.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The announcement feature (平台公告) maps to payment, refund, and payment query endpoints, which are financially sensitive and unrelated to announcements. While the surface mismatch is clear, the listed operations appear less directly destructive than explicit delete/admin endpoints, so the impact is somewhat lower but still significant if an agent exposes this as a benign informational capability.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.