Security audit

保单照妖镜 - 保单权益保障PK擂台

Security checks across malware telemetry and agentic risk

Overview

This insurance comparison skill is mostly coherent, but it should be reviewed because it handles sensitive policy documents, performs external reputation searches, and opens a saved HTML report without clear consent controls.

Install only if you are comfortable processing insurance policy details with this skill. Redact personal identifiers before use, approve any live reputation searches explicitly, and avoid opening generated reports with third-party scripts when they contain real policy data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (4)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 89% confidence
Finding: The skill describes behavior that writes an HTML report to the user's desktop and opens it in a browser, yet no corresponding permission declaration is present. Undeclared file-write capability breaks least-privilege expectations and can lead to unauthorized file creation or overwrite if the runtime permits execution based on the documented workflow.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 95% confidence
Finding: The documented capabilities materially overstate what the skill actually supports, including OCR, LLM extraction, real-time reputation search, visualization generation, and broader file handling. This can mislead users and orchestrators into trusting outputs as if they were based on live analysis, causing unsafe insurance comparisons, incorrect recommendations, or accidental invocation under false assumptions about data provenance and processing.

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The trigger conditions are broad enough to activate on generic comparison, recommendation, or insurance-selection requests, which increases the chance of unintended invocation. In a finance/insurance context, overbroad triggering is risky because the skill may respond outside its intended scope, producing misleading policy comparisons or quasi-advisory output without the required inputs or safeguards.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill explicitly instructs real-time searches across social media, complaint platforms, and regulatory sources to assess insurer claim reputation, but it provides no privacy, consent, source-trust, or data-handling guardrails. In this insurance-comparison context, those searches can expose or encourage processing of sensitive insurance-related information, and can also pull in unreliable or defamatory user-generated content that may influence recommendations.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.