Security audit

12306 Backup

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward China Railway query skill that contacts 12306 and writes local result/cache files without hidden credential use or unrelated behavior.

Install this if you are comfortable with a China-focused railway query tool making requests to 12306 and saving station cache/result files locally. Review any custom `-o` output path before running so it does not overwrite a file you care about.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Natural-Language Policy Violations

Low
Confidence: 91%
Finding
The entire skill description, usage examples, and parameter explanations are presented only in Chinese, which can amount to a language/locale policy issue when no user opt-in or alternative language is offered. The README does not explicitly state that the skill is intended only for Chinese-speaking users or for a China-specific audience as a documented locale constraint.

Natural-Language Policy Violations

Low
Confidence: 95%
Finding
The generated HTML sets `lang="zh-CN"` and uses Chinese-only labels and timestamps formatted with the `zh-CN` locale. This imposes a specific language/locale on users without any opt-in or configuration, which matches the policy category for language or locale constraints.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.