Back to skill

Security audit

hkroute

Security checks across malware telemetry and agentic risk

Overview

This skill coherently provides Hong Kong transit routing and uses disclosed network calls, an API key, and a local ETA cache for that purpose.

Install this if you trust the publisher and need Hong Kong public transit routing. Use a restricted Google Maps Directions API key, expect origin and destination data to be sent to Google and public/operator ETA services, and be aware that generic travel prompts may activate the skill unless your agent limits it to clear Hong Kong transit requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
88% confidence
Finding
These triggers are broad, generic travel phrases such as 'How do I get to' and 'best way to get to', which can match ordinary conversation and invoke the skill unexpectedly. Unintended activation can cause unnecessary external API calls using the configured API key, expose user-provided location data to third-party services, and interfere with correct skill routing.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The implicit activation guidance tells the agent to activate on loosely defined intent 'even without using /hkroute' and on phrases like 'how do I get to' in a Hong Kong context. That ambiguity increases the chance of processing unrelated user messages as routing requests, leading to unintended location handling, unnecessary third-party API requests, and possible privacy leakage.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access, suspicious.exposed_secret_literal

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
scripts/hk-route.cjs:10362

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
scripts/hk-route.cjs:13056