Back to skill

Security audit

Juhe Telephone Verify

Security checks across malware telemetry and agentic risk

Overview

This skill performs the advertised Juhe phone real-name verification, but it handles and exposes highly sensitive identity data with weak privacy controls.

Install only if you have a lawful and consented reason to submit this identity data to Juhe. Treat each run as sending full name, national ID number, and phone number to a third party, and avoid shared terminals or saved transcripts unless the script is changed to mask sensitive output.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
85% confidence
Finding
The skill declares use of an environment variable/API key and instructs running a Python script that performs a remote verification lookup, but no explicit permissions model is declared despite requiring env, file_read, and network capabilities. This creates a trust and review gap: the skill handles highly sensitive PII (name, phone number, ID card) and can transmit it externally, so missing permission declarations reduce user visibility into what data and capabilities are being used.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation instructs transmission of highly sensitive PII—full name, Chinese national ID number, and phone number—to a third-party API, but provides no privacy warning, consent requirements, retention limits, or secure-handling guidance. In a skill specifically designed for telecom real-name verification, this omission is dangerous because it normalizes collecting and sending identity data without documenting legal, privacy, and misuse risks, increasing the chance of unauthorized identity verification, compliance violations, and sensitive data exposure.

Missing User Warnings

High
Confidence
98% confidence
Finding
This script sends highly sensitive personal data—real name, Chinese ID card number, and phone number—to a third-party service without any explicit user warning, consent step, or privacy disclosure at runtime. Even though the transfer is central to the skill's purpose, the data is especially sensitive and is sent as query parameters in a GET request, which can increase exposure through logs, proxies, and monitoring systems.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.