Back to skill

Security audit

Amap Date Spot

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its date-location purpose, but it under-discloses automatic file creation and extra map API credentials that may be embedded in generated HTML.

Review before installing. Use only coarse locations unless exact routing is necessary, avoid generating shareable HTML unless the Amap JS credentials are safe for client-side use, and treat CSV export as sensitive because it may store private meeting plans locally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill says '纯文本输出' but later instructs the agent to also generate CSV and HTML artifacts and inject additional JS API keys into templates. This expands behavior beyond the declared output contract and can cause unintended file generation, secret exposure into generated artifacts, and user surprise about what data is being materialized or shared.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The skill declares only `AMAP_API_KEY` in metadata, but later requires injecting `AMAP_JSAPI_KEY` and `AMAP_SECURITY_JS_CODE` into HTML templates. Pulling additional secrets from the environment without clear declaration or necessity increases the risk of credential leakage into generated artifacts, especially if those artifacts are shared externally.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill is designed to process one or both parties' location data through external Amap APIs, yet the description does not clearly warn users that sensitive location information will be transmitted to a third party. Because the skill specifically handles meeting-point calculations and travel-time balancing for two people, the privacy sensitivity is elevated.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill first claims text-only output but then states it will automatically generate `date_plan.csv`. Silent local artifact creation can persist sensitive meeting details, addresses, budgets, and behavioral notes without the user's informed consent, increasing privacy and data-handling risk.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The HTML generation path depends on injecting environment-derived API credentials, but users are not warned that generated outputs may embed or depend on such credentials. While this is lower impact than raw secret exfiltration on its own, it still creates transparency and key-management risks, especially if HTML is shared.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.