Security audit

CCPA-Compliance (CCPA compliance tool)

Security checks across malware telemetry and agentic risk

Overview

This appears to be a local CCPA/CPRA compliance helper with no network or persistence behavior, but it does run local Python code and depends on a sibling shared module.

Before installing, expect it to run local Python scripts, and use it only in a directory where the sibling compliance_core module is trusted. Treat generated compliance output as a starting point, not legal advice, and avoid feeding it sensitive production data unless you are comfortable with local file reads and report writes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (7)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
for cmd in test_commands:
    try:
        result = subprocess.run(
            cmd,
            capture_output=True,
            text=True,
Confidence
93% confidence
Finding
result = subprocess.run(cmd, capture_output=True, text=True, timeout=10

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill advertises 'pure local' and 'no external dependencies', but the documented commands and referenced scripts imply shell execution, file read/write, and even possible cross-directory execution via ../compliance_core/global_check.py without any declared permission model. This mismatch weakens trust boundaries: users or the hosting platform may assume a lower-privilege skill while it can access local files and invoke broader code paths, increasing the chance of unintended data exposure or unsafe execution.

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The guide explicitly treats `subprocess` as an acceptable standard-library import while simultaneously presenting the skill as 'pure local', 'zero dependency', and 'highly safe'. Even without network access, `subprocess` enables execution of external binaries and shell commands, so the document materially understates the execution capability and trust boundary of the tool. In a security/compliance skill, that mismatch can cause operators to run the tool with less scrutiny than warranted.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The security-check script includes capability to execute ccpa-check.py, which is not necessary for a purely static compliance/safety validation tool. This makes the checker itself a code-execution vector: users may run it expecting analysis only, but it will execute repository code under their privileges.

Intent-Code Divergence

Medium
Confidence
91% confidence
Finding
The module advertises verification of 'pure local operation' and avoiding system modification, yet it still executes external project code through a subprocess. That mismatch is dangerous because it can mislead users into granting trust to a script that is more active than advertised, increasing the chance of unintended code execution.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The trigger keywords include broad privacy/compliance terms such as '数据保护' (data protection), '美国合规' (US compliance), and 'California privacy', which can cause the skill to activate in unrelated contexts. Over-broad activation can route sensitive user requests into this skill unexpectedly, leading to inappropriate handling of privacy, legal, or compliance content and accidental invocation of local scripts.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script runs another program automatically without explicit user confirmation or a user-facing warning at the point of execution. In a security-check context, silent execution is risky because users may believe they are only performing inspection, while repository code is actually being run.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.