
Security audit

An automated Philippines customs code (HS Code) lookup tool that helps exporters quickly find the correct commodity classification code.

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Philippines HS-code lookup helper that opens a browser, downloads public tariff PDFs, and searches them locally; the main caveat is a weaker fallback download path.

Install only if you are comfortable with a skill that installs Python/browser dependencies, opens Chromium, contacts the Philippines Tariff Commission and Google Drive, and saves PDFs locally. Prefer verified downloads where possible, and be aware that the wget fallback, if triggered, disables TLS certificate verification for that download.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
    # For large files, use wget which handles confirmations better
    try:
        download_url = f"https://drive.google.com/uc?export=download&id={file_id}"
        # --no-check-certificate skips TLS certificate verification (the flagged line)
        result = subprocess.run([
            "wget", "--quiet", "--no-check-certificate",
            "-O", output_path, download_url
        ], capture_output=True, timeout=120)
Confidence
95% confidence
Finding
result = subprocess.run([ "wget", "--quiet", "--no-check-certificate", "-O", output_path, download_url ], capture_output=True, timeout=120)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill documentation instructs use of local files, shell commands, and outbound network access, but no permissions are declared. This creates a transparency and governance gap: an agent or reviewer may underestimate the skill's operational reach, increasing the chance of unintended file access, command execution, or external downloads without proper policy controls.

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
The skill's stated behavior does not match its actual workflow: it downloads content from Google Drive, relies on browser automation and shell tools, and claims image support that is not actually implemented. Description-behavior mismatch is dangerous because users and orchestrators may grant trust or invoke the skill under false assumptions, enabling unexpected external access and potentially unsafe automation paths.

VirusTotal

64/64 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.