橙子通 API 自动化 (Orange Office API Automation)

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill is presented as inventory automation, but it can alter business records in both Orange Office and DingTalk, authenticates with a live session cookie, and ships with little safety guidance.

Install only if you intend an agent to operate both Orange Office inventory records and related DingTalk inventory tables. Use a least-privileged account, keep the session cookie out of chat logs and transcripts, and require explicit human confirmation before any create, update, delete, or DingTalk table-write action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

Severity: Medium
Confidence: 94%
Finding
The skill is presented as Orange Office inventory API automation, but it also includes substantial instructions for reading and writing DingTalk table data. This expands the skill's operational scope into a second external system without a clear boundary, consent step, or safety guidance, increasing the risk of unintended cross-system data modification and exfiltration.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The documented API surface includes a delete endpoint for stock-out orders, but the skill provides no guardrails such as confirmation requirements, role restrictions, or advice to prefer safer update workflows. In an automation context, exposing destructive operations without friction increases the chance of accidental or unauthorized data loss affecting inventory records.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
The skill instructs use of a live ASP.NET session cookie for authenticated API access and shows the credential format directly in documentation, without any handling restrictions or warnings. Session cookies are bearer credentials; if exposed through logs, prompts, or transcripts, they can enable full account hijacking and unauthorized inventory operations.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill gives concrete instructions for writing inventory snapshot records into DingTalk tables, including field mappings and payload structure, but does not warn that this will modify external business records. That omission makes unintended writes more likely and can corrupt operational data if the wrong table, field IDs, or dates are used.
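The guardrails this report asks for (a session cookie that never reaches logs or transcripts, a cookie that is only ever sent to the inventory system and not to a second system such as DingTalk, human confirmation before any write, and a delete path that stays disabled unless explicitly enabled), written out as one added example. It is not code from the skill, from Orange Office, or from the scanner, and it serves both the Overview guidance and the four findings above. The host name, the ORANGE_SESSION_COOKIE environment variable and the request paths are placeholders chosen for the example; the cookie name is ASP.NET's default session cookie name.

```python
# Guardrails for an agent calling a cookie-authenticated inventory API.
# Added example, not code from the skill or its vendor. Placeholders (assumptions):
# INVENTORY_HOST, the ORANGE_SESSION_COOKIE variable, the request paths; the
# cookie name is ASP.NET's default session cookie.
import logging
import os
import re
from dataclasses import dataclass, field
from typing import Callable, List, Optional
from urllib.parse import urlparse

MUTATING_METHODS = {"POST", "PUT", "PATCH", "DELETE"}
SESSION_COOKIE_NAME = "ASP.NET_SessionId"      # ASP.NET default (assumption)
INVENTORY_HOST = "inventory.example.com"       # placeholder host (assumption)
COOKIE_RE = re.compile(re.escape(SESSION_COOKIE_NAME) + r"""=([^;\s'"]+)""")

def load_cookie() -> str:
    """Take the cookie from the environment, never from a prompt or transcript."""
    return os.environ.get("ORANGE_SESSION_COOKIE", "")   # variable name is an assumption

def redact(text: str) -> str:
    """Mask the session-cookie value wherever it appears in free text."""
    return COOKIE_RE.sub(SESSION_COOKIE_NAME + "=[REDACTED]", text)

class RedactingFilter(logging.Filter):
    """Rewrites each record so the cookie value can never reach a log or transcript."""
    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())
        record.args = ()
        return True

class ListSink(logging.Handler):
    """In-memory handler so the redacted output can be inspected offline."""
    def __init__(self) -> None:
        super().__init__()
        self.lines: List[str] = []
    def emit(self, record: logging.LogRecord) -> None:
        self.lines.append(record.getMessage())

LOG_SINK = ListSink()
log = logging.getLogger("inventory-agent")
log.setLevel(logging.DEBUG)
log.propagate = False
log.addFilter(RedactingFilter())
log.addHandler(LOG_SINK)

@dataclass
class Decision:
    allowed: bool
    reason: str

@dataclass
class Guard:
    """Cookie goes only to the inventory host; writes need a human's yes;
    DELETE stays off unless explicitly enabled (prefer update/cancel workflows)."""
    confirm: Callable[[str], bool]                 # human-in-the-loop callback
    allowed_hosts: frozenset = frozenset({INVENTORY_HOST})
    allow_delete: bool = False
    audit: List[str] = field(default_factory=list)

    def decide(self, method: str, url: str) -> Decision:
        method = method.upper()
        host = urlparse(url).hostname or ""
        if host not in self.allowed_hosts:
            d = Decision(False, f"host {host!r} not allowed; cookie must not leave the inventory system")
        elif method == "DELETE" and not self.allow_delete:
            d = Decision(False, "DELETE disabled by policy; use an update or cancel workflow instead")
        elif method in MUTATING_METHODS and not self.confirm(f"{method} {url}"):
            d = Decision(False, "mutating call not confirmed by a human")
        else:
            d = Decision(True, "allowed")
        self.audit.append(f"{method} {url}: {d.reason}")
        return d

def send(guard: Guard, method: str, url: str, cookie: str,
         transport: Callable[[str, str, dict], dict]) -> Optional[dict]:
    """Attach the cookie and call transport(method, url, headers) only if the guard
    allows it; transport is injected so the example runs offline."""
    decision = guard.decide(method, url)
    if not decision.allowed:
        log.warning("blocked %s %s: %s", method, url, decision.reason)
        return None
    headers = {"Cookie": f"{SESSION_COOKIE_NAME}={cookie}"}
    log.debug("sending %s %s headers=%s", method, url, headers)   # value is redacted
    return transport(method.upper(), url, headers)

def dry_run_transport(method: str, url: str, headers: dict) -> dict:
    """Stand-in for an HTTP client: reports what would have been sent."""
    sent = headers.get("Cookie", "").startswith(SESSION_COOKIE_NAME + "=")
    return {"method": method, "url": url, "cookie_sent": sent}

if __name__ == "__main__":
    ask = lambda action: input(f"Allow {action}? [y/N] ").strip().lower() == "y"
    guard, cookie = Guard(confirm=ask), load_cookie() or "example-session-value"
    print(send(guard, "DELETE", f"https://{INVENTORY_HOST}/api/stock-out/42", cookie, dry_run_transport))
    print("\n".join(LOG_SINK.lines))
```

The host allowlist is what keeps the bearer cookie inside the system that issued it: a call aimed at any other host, including a DingTalk table endpoint, is refused before the cookie is attached, and an agent that wants to write to a second system must be given a separate, separately scoped credential for it. The redaction filter sits on the logger rather than in individual log calls, so a framework that dumps whole request objects into a transcript still cannot leak the value.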

VirusTotal

63/63 vendors flagged this skill as clean.
