Security audit

AI招投标分析师-全网招中标智能分析

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed tender and procurement analysis guide, but it can send business queries to external APIs or web search and includes contact lookup and optional notification workflows.

Install only if you are comfortable sending procurement, company, and market-analysis queries to the provider API and sometimes to web search. Keep ZLBX_API_KEY in an environment variable, avoid using contact lookup for harvesting or unauthorized outreach, and only enable WeChat/email alerts for recipients and schedules that are explicitly approved.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability

Severity: Medium
Confidence: 89%
Finding:
The skill explicitly states it will 'automatically dispatch data interfaces' and use '联网增强/WebSearch' (internet enhancement/WebSearch), expanding behavior beyond the declared tender-bid API into general internet retrieval. This increases the data-exfiltration and prompt-injection surface because user queries and derived search terms may be sent to additional third-party services without clear consent or tight scope controls.

Context-Inappropriate Capability

Severity: Medium
Confidence: 87%
Finding:
The documentation promotes querying company contact information, which can expose personal names and phone numbers tied to projects. In a market-analysis skill, this creates privacy and misuse risk because the collection and downstream use of contact data are not narrowly justified, minimized, or guarded by purpose restrictions.

Context-Inappropriate Capability

Severity: High
Confidence: 94%
Finding:
The skill advertises creating scheduled push notifications via WeChat/email, but this capability is outside the documented API scope and implies collection of delivery endpoints plus automated outbound actions. That widens the trust boundary from passive analysis to persistent messaging, creating risks of spam, unauthorized notifications, and covert data sharing to external channels.

Vague Triggers

Severity: High
Confidence: 93%
Finding:
The trigger condition is extremely broad, stating the skill must be used even when users do not mention tenders, as long as topics like procurement, suppliers, competitors, or market share appear. This can cause over-triggering on unrelated business-analysis requests, leading to unnecessary external API use, unintended disclosure of user queries, and bypass of more appropriate narrower skills.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding:
The internet-enhancement logic activates on broad keywords such as '趋势' (trend), '分析' (analysis), '战略' (strategy), and '预测' (forecast) without strong limiting conditions. This makes the skill easier to trigger into external browsing on loosely related prompts, increasing exposure to prompt injection from web content and unnecessary outbound transmission of user context.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The company-contact feature handles potentially personal contact information but does not prominently warn about privacy, lawful basis, retention, or misuse constraints. In this context, the danger is elevated because project contact details can be used for unsolicited outreach, profiling, or harvesting at scale.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding:
The skill says it will automatically use external APIs and internet enhancement, but it does not clearly disclose what user data, company names, or query context may be sent out. This weak transparency increases privacy and governance risk, especially for enterprise users who may assume analysis stays within the declared tender-bid service boundary.

VirusTotal

62/62 vendors flagged this skill as clean.