
Security audit

保单照妖镜 - 保单权益保障PK擂台 (Policy Truth Mirror: Policy Benefit Protection Showdown)

Security checks across malware telemetry and agentic risk

Overview

This insurance comparison skill is mostly coherent, but it warrants review: it handles sensitive policy documents, performs external reputation searches, and writes and then opens an HTML report, all without clear consent controls.

Install only if you are comfortable processing insurance policy details with this skill. Redact personal identifiers before use, approve each live reputation search explicitly, and do not open a generated report that loads third-party scripts when it contains real policy data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill describes behavior that writes an HTML report to the user's desktop and opens it in a browser, yet no corresponding permission declaration is present. Undeclared file-write capability breaks least-privilege expectations and can lead to unauthorized file creation or overwrite if the runtime permits execution based on the documented workflow.
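The check this finding describes, as an added example that is not code from the audited skill or from SkillSpector: scan a skill's instruction text for phrases that imply a runtime capability (writing a file, opening a browser, querying the web) and diff them against the permissions its manifest declares. The manifest layout (a `permissions` list), the permission names, the phrase patterns and the sample instructions are all assumptions for the demo; the sample mirrors the undeclared write-and-open workflow the finding reports.

```python
"""
Added example: find capabilities a skill's instructions imply but its manifest
never declares.  Manifest shape, permission vocabulary and phrase patterns are
hypothetical; the skill text below is constructed for the demo.
"""
import re
from dataclasses import dataclass

# Phrases that imply a capability, and the permission a manifest would have to
# declare for it.  Deliberately loose (regex over sentences) so a reviewer sees
# the evidence; a real checker would pair this with the runtime's tool calls.
IMPLIED_CAPABILITIES = [
    (r"\b(write|writes|save|saves|export|exports)\b.{0,40}\b(report|file)\b", "fs:write"),
    (r"\b(read|reads|parse|parses|load|loads)\b.{0,40}\b(pdf|document|file|policy)\b", "fs:read"),
    (r"\bopen(s)?\b.{0,40}\bbrowser\b", "process:open_url"),
    (r"\b(search|searches|query|queries)\b.{0,40}\b(web|online|real-time|social media|complaint)\b", "net:http"),
]


@dataclass
class CapabilityGap:
    permission: str
    evidence: str  # the instruction sentence that implies the capability


def implied_permissions(instructions: str) -> dict:
    """Map each implied permission to the first sentence that implies it."""
    found = {}
    for sentence in re.split(r"(?<=[.!?])\s+", instructions):
        for pattern, permission in IMPLIED_CAPABILITIES:
            if permission not in found and re.search(pattern, sentence, re.IGNORECASE):
                found[permission] = sentence.strip()
    return found


def undeclared_capabilities(manifest: dict, instructions: str) -> list:
    """Permissions the workflow needs but the manifest does not declare."""
    declared = set(manifest.get("permissions", []))
    return [CapabilityGap(p, s)
            for p, s in implied_permissions(instructions).items()
            if p not in declared]


# Constructed sample: the manifest declares read access only, but the documented
# workflow also searches the web, writes an HTML report and opens it.
SAMPLE_MANIFEST = {"name": "policy-compare", "permissions": ["fs:read"]}
SAMPLE_INSTRUCTIONS = (
    "Parse the uploaded policy PDF and extract the benefit table. "
    "Search social media and complaint platforms for the insurer's claim reputation. "
    "Write the comparison report as HTML to the user's desktop. "
    "Open the saved report in the default browser."
)

if __name__ == "__main__":
    for gap in undeclared_capabilities(SAMPLE_MANIFEST, SAMPLE_INSTRUCTIONS):
        print(f"UNDECLARED {gap.permission}: {gap.evidence!r}")
```

On the constructed sample the checker reports `net:http`, `fs:write` and `process:open_url` as undeclared, each with the sentence that implies it, while the declared `fs:read` is silent. The sentence-level evidence matters more than the pattern list: it is what a reviewer quotes back when asking the author to either declare the permission or drop the step.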

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The documented capabilities materially overstate what the skill actually supports, including OCR, LLM extraction, real-time reputation search, visualization generation, and broader file handling. This can mislead users and orchestrators into trusting outputs as if they were based on live analysis, causing unsafe insurance comparisons, incorrect recommendations, or accidental invocation under false assumptions about data provenance and processing.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger conditions are broad enough to activate on generic comparison, recommendation, or insurance-selection requests, which increases the chance of unintended invocation. In a finance/insurance context, overbroad triggering is risky because the skill may respond outside its intended scope, producing misleading policy comparisons or quasi-advisory output without the required inputs or safeguards.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly instructs real-time searches across social media, complaint platforms, and regulatory sources to assess insurer claim reputation, but it provides no privacy, consent, source-trust, or data-handling guardrails. In this insurance-comparison context, those searches can expose or encourage processing of sensitive insurance-related information, and can also pull in unreliable or defamatory user-generated content that may influence recommendations.
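The guardrails this finding and the overview's recommendations say are missing (redact identifiers before anything leaves the machine, approve each live search explicitly, refuse to open a report that loads third-party code), as an added example that is not code from the audited skill: three small functions a skill runtime could call before the search and before the browser step. The identifier formats (PRC resident ID numbers with their ISO 7064 MOD 11-2 check digit, mainland mobile numbers, e-mail addresses), the approval-callback shape and the sample text and reports are assumptions constructed for the demo.

```python
"""
Added example: redaction, an explicit-approval gate for outbound queries, and a
scan of a generated HTML report for scripts and remote resources.  Identifier
formats and the approve() callback shape are assumptions; samples are constructed.
"""
import re
from html.parser import HTMLParser
from typing import Callable, List, Optional

# PRC resident ID (GB 11643-1999): 17 digits plus an ISO 7064 MOD 11-2 check digit.
_ID_WEIGHTS = [7, 9, 10, 5, 8, 4, 2, 1, 6, 3, 7, 9, 10, 5, 8, 4, 2]
_ID_CHECK = "10X98765432"


def is_valid_resident_id(candidate: str) -> bool:
    """Checksum test, so an arbitrary 18-digit policy number is not redacted by mistake."""
    if not re.fullmatch(r"\d{17}[\dX]", candidate):
        return False
    total = sum(int(d) * w for d, w in zip(candidate[:17], _ID_WEIGHTS))
    return candidate[17] == _ID_CHECK[total % 11]


def redact_identifiers(text: str) -> str:
    """Mask checksum-valid resident IDs, mainland mobile numbers and e-mail addresses.
    Lookarounds are used instead of \\b because CJK characters count as \\w.
    Personal names are left alone: they need NER, not a pattern."""
    text = re.sub(r"(?<![\dX])\d{17}[\dX](?![\dX])",
                  lambda m: "[ID]" if is_valid_resident_id(m.group(0)) else m.group(0), text)
    text = re.sub(r"(?<!\d)1[3-9]\d{9}(?!\d)", "[PHONE]", text)
    text = re.sub(r"[\w.+-]+@[\w-]+(\.[\w-]+)+", "[EMAIL]", text)
    return text


def gated_reputation_query(insurer: str, user_note: str,
                           approve: Callable[[str], bool]) -> Optional[str]:
    """Build the exact outbound query from redacted text and return it only if the
    user approves that string; None means the search must not run."""
    query = redact_identifiers(f"{insurer} claim complaints {user_note}").strip()
    return query if approve(query) else None


class _ReportScanner(HTMLParser):
    """Collect reasons a generated report is unsafe to open while it holds real policy data."""

    def __init__(self) -> None:
        super().__init__()
        self.problems: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.problems.append("<script> element")
        for name, value in attrs:
            if name.startswith("on"):
                self.problems.append(f"event handler {name}")
            loads = name == "src" or (tag == "link" and name == "href") or (tag == "form" and name == "action")
            if loads and value and re.match(r"(?i)(https?:)?//", value):
                self.problems.append(f"remote {name}={value}")


def report_problems(html: str) -> List[str]:
    """Empty list means the report is static and self-contained."""
    scanner = _ReportScanner()
    scanner.feed(html)
    return scanner.problems


# Constructed samples.  The last number is an 18-digit policy number that fails
# the ID checksum, so it must survive redaction.
SAMPLE_TEXT = ("投保人 张三，身份证 11010519491231002X，手机 13800138000，"
               "邮箱 zhangsan@example.com；保单编号 202401010000012345")
SAFE_REPORT = ("<html><body><h1>Policy A vs Policy B</h1>"
               "<table><tr><td>Deductible</td><td>500</td></tr></table></body></html>")
UNSAFE_REPORT = ('<html><head><script src="https://cdn.example/chart.js"></script>'
                 '<link rel="stylesheet" href="//cdn.example/style.css"></head>'
                 '<body onload="post(document.body.innerText)"><h1>Policy A vs Policy B</h1></body></html>')

if __name__ == "__main__":
    print(redact_identifiers(SAMPLE_TEXT))
    print(gated_reputation_query("某保险公司", "policyholder 13800138000 says claim denied",
                                 approve=lambda q: input(f"Run search {q!r}? [y/N] ").lower() == "y"))
    for report in (SAFE_REPORT, UNSAFE_REPORT):
        print(report_problems(report) or "safe to open")
```

The order matters: the query shown to the user for approval is the already-redacted string, so what they approve is exactly what leaves the machine. The checksum keeps the ID redaction from eating policy or claim numbers of the same length; it does not catch names, which is why the overview still tells the user to redact before upload rather than rely on the skill. On the unsafe sample the report scanner returns four problems: the script element, its remote `src`, the remote stylesheet and the `onload` handler.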

VirusTotal

0 of 65 vendors flagged this skill; all 65 reported it clean.


Static analysis

No suspicious patterns detected.