中国汽车产销分析可视化

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a normal dashboard generator, but it presents generated values as real China auto market data.

Install only if you treat the generated dashboard as partially illustrative. Do not use the production-vs-wholesale-vs-retail comparison for business, reporting, or investment decisions unless the skill is changed to fetch all displayed metrics from real sources or clearly labels simulated values.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Intent-Code Divergence

High

Confidence: 98% confidence
Finding: The dashboard footer and titles claim the report is based on akshare/CPCA data, but the bottom comparison panel fabricates wholesale and retail values using pseudorandom multipliers instead of retrieved source data. This is a data integrity issue: users may treat the synthetic values as authoritative market figures, leading to materially wrong business or investment decisions.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal