Meituan

Security checks across malware telemetry and agentic risk

Overview

This is a small instruction-only skill for summarizing public Meituan merchant, product, and deal information, with no code or credential access.

Install only if you want help summarizing public Meituan pages. Keep use user-directed, avoid account actions or bulk scraping, and be careful with precise location details because prices and availability can vary by time and region.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The activation text says the skill should be called whenever access to or automation of Meituan-related content is needed, which is overly broad and can cause the agent to invoke this skill outside narrowly defined, safe use cases. Broad routing increases the chance of unnecessary browsing/automation against a third-party platform and may bypass safer, task-specific controls even though the body text later states some limits.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal