Mingdao

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Mingdao low-code assistant with visible API examples; the main caution is handling personal data and deletion examples carefully.

Safe to install as a reference skill. Before adapting its examples, keep Mingdao API credentials least-privilege, avoid sharing secrets in prompts, test record update/delete calls outside production, and only send personal identity data to vetted services with proper authorization and data-minimization controls.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The example code transmits highly sensitive personal data fields (`姓名`, `身份证号`) to an external API without any privacy notice, consent requirement, minimization guidance, or warning about regulatory obligations. In a low-code workflow skill, users may copy this pattern directly into production, creating real risk of unauthorized PII disclosure to third parties.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal