Back to skill

Security audit

customer-segment

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a disclosed local customer-segmentation tool, but it can save sensitive banking customer analysis files that users should handle carefully.

Install only in workspaces approved for banking or customer data. Run it on intentional datasets, use a dedicated restricted output folder, consider pseudonymizing customer IDs first, and delete generated CSV/report files when they are no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill writes multiple output files such as CSV, PNG, and Markdown, but no permissions are declared to constrain or make that capability explicit. In an agent environment, undeclared file-write behavior can lead to unexpected filesystem modifications, overwriting existing artifacts, or writing sensitive derived customer data to unintended locations.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger conditions are broad, including generic phrases like '分析客户' or '客户分群' and any uploaded file with relevant-looking fields, which may cause the skill to auto-activate during ordinary conversation or on unintended datasets. In this financial context, accidental activation is more dangerous because it can process sensitive banking customer data and generate persistent outputs without clear user intent.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script handles sensitive banking customer data and persistently writes detailed outputs (full segmentation results, summaries, charts, and a markdown report) to disk without any consent prompt, minimization, retention control, or warning to the user. In a financial-data skill, this increases the risk of unintended disclosure through leftover files, shared workspaces, backups, or downstream access to generated artifacts containing customer-level information.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.