Security audit

China Attraction Tickets

Security checks across malware telemetry and agentic risk

Overview

This travel helper sends China travel requests to a disclosed external TripGenie proxy, with no evidence of hidden local access, persistence, or destructive behavior.

Install only if you are comfortable sending travel queries and preferences to the listed proxy service and downstream TripGenie/Trip.com booking flow. Avoid entering sensitive personal details unless needed, and be aware that the hardcoded proxy endpoint and token are not operator-configurable despite the env metadata.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 96%
Finding: The skill declares a bash tool and explicitly describes sending user queries to a proxy server and TripGenie API, which implies outbound network access without a corresponding declared permission. This creates a transparency and governance gap: users or platform controls may not understand that prompts are transmitted to external services, increasing privacy, compliance, and policy-enforcement risk.

Vague Triggers

Medium
Confidence: 79%
Finding: The keyword list contains broad generic travel phrases such as 'attractions', 'tickets', and 'sightseeing', which could cause the skill to trigger for loosely related user requests. Overbroad invocation can route users into an external-networking skill unexpectedly, causing unintended data disclosure to third-party services or confusingly hijacking a task that a more appropriate skill should handle.

Missing User Warnings

Medium
Confidence: 90%
Finding: The script transmits user-supplied travel queries, including potentially sensitive itinerary, hotel, and travel-preference data, to a third-party remote proxy without any clear user-facing disclosure or consent mechanism. In a travel skill context, this can expose personal travel plans and preferences to an external service, increasing privacy and data-handling risk even though transport uses HTTPS.

VirusTotal

56/56 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.