虾虾优惠·全网比价+神券助手

Security checks across malware telemetry and agentic risk

Overview

This is a shopping helper, not malware, but it needs Review because broad triggers can send shopping queries, links, and tokens to a third-party service and return commercial redirect links.

Install only if you are comfortable with your shopping searches, pasted product links, city/category requests, and possible shopping tokens being sent to xiaxiayouhui.xyz. Avoid pasting links or tokens that may contain account, referral, or tracking data, and treat “领券购买” links as external app/site actions that may affect your shopping account.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (13)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The FAQ describes very broad natural-language examples that may cause the host AI to auto-invoke the skill on loosely related shopping queries without clear boundaries, exclusions, or user confirmation expectations. In a shopping skill that sends user-entered keywords or links to a remote server, overbroad triggering can unnecessarily disclose user intent and route conversations to an external service more often than the user expects.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The uninstall instructions use a recursive force-delete command on a user-path without any warning, verification step, or safer alternative. While the specific target path is narrower than deleting a home directory, copy/paste mistakes, shell expansion issues, or path edits can still lead to unintended data loss.

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The README advertises very broad trigger phrases such as '帮我看看', '我想买', and '推荐买什么', which are common conversational inputs and can cause the skill to activate when the user did not specifically intend to invoke a shopping/comparison tool. Unintended activation can leak user queries to the service and create confusing or privacy-impacting behavior, especially because the skill states the backend logs keywords, IPs, and timestamps.

Missing User Warnings

Low

Confidence: 80% confidence
Finding: The README says the service records keywords, IP addresses, and timestamps for anti-abuse, but this is disclosed only later in the privacy section rather than near installation and first-use guidance. That incomplete, delayed disclosure weakens informed consent and can cause users to send shopping queries to a remote server without realizing basic network metadata will be retained.

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The skill mandates invocation for a very broad set of common shopping-related phrases, including vague intent such as asking whether something is worth buying. This can cause the agent to route ordinary recommendation or conversational requests to the skill without sufficient user intent confirmation, increasing the chance of unnecessary external calls and unexpected data disclosure to the third-party service.

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The fallback triggers capture highly generic purchase-assistance phrases like "I want to buy xx" or "recommend xx," which overlap with many normal assistant tasks. In this skill context, that broad catch-all can hijack benign recommendation flows and push user queries to an external commerce endpoint even when the user did not ask for price aggregation or coupon retrieval.

Natural-Language Policy Violations

Medium

Confidence: 81% confidence
Finding: The skill prescribes fixed Chinese-language user responses such as specific error text without any language negotiation. While not a code-execution issue, this is a genuine safety and UX concern because it can mislead or confuse users who interact in other languages, especially when the skill is auto-triggered broadly elsewhere in the file.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The rendered output encourages users to click affiliate-style purchase links and references an external aggregation service, but it does not clearly disclose that the user's query and shopping intent are sent to xiaxiayouhui.xyz for processing. This creates a privacy and transparency issue: users may unknowingly share product interests or potentially sensitive shopping terms with a third-party service and be redirected through tracking links.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The example instructs the agent to forward a user-supplied shopping URL directly to an external service without any notice, consent flow, or minimization guidance. Even if the input is 'just a link,' shopping URLs can embed tracking parameters, referral data, campaign IDs, or other user-associated metadata, so silent transmission creates a privacy and data-sharing risk.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: This example similarly sends a user-provided JD product URL to an external API without warning the user that their input leaves the current system. The risk is contextual but real: URLs may contain identifiers or marketing parameters, and the undocumented outbound transfer undermines informed consent and privacy expectations.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The markdown shows sending a pasted 淘口令/token-like string to an external API with no disclosure. Token-like values can be more sensitive than ordinary URLs because they may encode affiliate, account-scoped, campaign, or app-specific state, so forwarding them silently increases privacy and misuse risk.

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger phrases are broad enough to match ordinary shopping and local-life queries such as '酒店', '看电影', or '团购', which can cause the skill to activate unexpectedly in normal conversation. In this skill's context, unexpected activation is more concerning because it returns promotional links and encourages actions that may open third-party apps and influence purchases or account-linked coupon claims.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The rendered output explicitly says clicking '领券购买' will automatically open an app and place coupons into the user's account, but it does not present this as a clear warning or consent step before the link is offered. In a commerce-oriented skill, that omission increases the risk of unintended account interaction, affiliate redirection, or user confusion about whether they are staying inside the assistant versus being sent to an external service.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal