Back to skill

Security audit

GPDR-Compliance(GPDR合规工具)

Security checks across malware telemetry and agentic risk

Overview

This GDPR compliance skill mostly does what it says, but it needs review because its safety checker runs local scripts and its tools can save sensitive compliance answers to disk with limited disclosure.

Install only if you are comfortable reviewing and running local Python scripts. Use a virtual environment, run it on non-sensitive sample data first, avoid entering personal data or confidential security gaps into interactive prompts, and treat generated reports as sensitive local files. Do not rely on its output as legal advice, and review the missing external compliance_core dependency before using gdpr-check.py.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (8)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
for cmd in test_commands:
            try:
                result = subprocess.run(
                    cmd,
                    capture_output=True,
                    text=True,
Confidence
93% confidence
Finding
result = subprocess.run( cmd, capture_output=True, text=True, timeout=10 )

Lp3

Medium
Category
MCP Least Privilege
Confidence
86% confidence
Finding
The skill claims to be 'pure local' and 'no network requests', but the static analysis detected capabilities consistent with file read, file write, network, and shell usage while no permissions are declared. This mismatch is dangerous because it can cause the host agent or user to trust the skill more than warranted, enabling unexpected command execution or data access beyond a documentation-only compliance tool.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
This finding is valid: the checker executes gdpr-check.py, data-subject-rights.py, and cross-border-transfer.py during a safety audit. That gives the 'security check' script the ability to trigger arbitrary behavior contained in those files, undermining the expectation that a local GDPR audit only inspects content. In a hostile skill package, an attacker could hide payloads in those helper scripts and rely on the checker to run them.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The trigger keywords are broad enough that the skill may activate on generic privacy/compliance conversations, not just explicit requests to run this GDPR tool. Over-triggering is risky because a skill with file/shell-capable components could be invoked in contexts where the user only wanted advice, increasing the chance of unintended tool execution or data exposure.

Vague Triggers

Medium
Confidence
80% confidence
Finding
A second broad keyword section again lacks activation boundaries and exclusion conditions, reinforcing the chance of accidental invocation. Repeated ambiguous triggers make the skill more dangerous in context because the document also references scripts and report generation, so misfires could lead to unnecessary local file operations or command execution attempts.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
In interactive mode, the tool collects free-form user responses about an organization's GDPR posture and then writes them verbatim into a JSON report. Those responses can easily include sensitive internal compliance details, personal data, or security/process gaps, and the script gives no warning, redaction, minimization, or access-control guidance before persisting them to disk.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The subprocess-based functional tests are performed without any explicit user-facing warning at the point of execution. That is dangerous because users may reasonably expect a 'security check' to be non-executing; instead it will run bundled scripts that could modify files, access local secrets, or perform other local actions. Lack of disclosure materially increases the chance of unsafe use.

Known Vulnerable Dependency: jinja2==3.1.0 — 10 advisory(ies): CVE-2025-27516 (Jinja2 vulnerable to sandbox breakout through attr filter selecting format metho); CVE-2024-56201 (Jinja has a sandbox breakout through malicious filenames); CVE-2024-22195 (Jinja vulnerable to HTML attribute injection when passing user input as keys to ) +7 more

Critical
Category
Supply Chain
Confidence
97% confidence
Finding
jinja2==3.1.0

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.