Back to skill

Security audit

NYC MTA Transit

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed NYC transit lookup tool that uses MTA data, an optional bus API key, and a local GTFS cache without evidence of hidden or unrelated behavior.

Install only if you are comfortable with npm installing protobufjs, the skill contacting official MTA endpoints, bus commands sending your MTA BusTime API key to MTA, and the manual GTFS refresh downloading and extracting public transit data into ~/.mta/gtfs. Keep unrelated secrets out of the skill .env file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Context-Inappropriate Capability

Medium
Confidence
81% confidence
Finding
The skill invokes the local `unzip` binary via `execFileSync` to process downloaded GTFS data. Although the arguments are fixed and not shell-interpolated, this still expands the skill's capabilities beyond simple transit lookup into local process execution, which increases attack surface and could be abused if the downloaded archive or runtime environment is compromised.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
scripts/mta.mjs:38