
Security audit

蛋叔订单商品查询 (Dan Shu Order Product Lookup)

Security checks across malware telemetry and agentic risk

Overview

This skill is a simple cake-order lookup that sends a user-provided order number to one disclosed API and returns the product name.

Install only if you recognize and trust trade.dangaoss.cn as the intended cake order system. Provide only the specific order number needed, and treat ambiguous order or cake questions as requiring clarification before the agent sends anything to the API.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium severity, 91% confidence

Finding
The skill advertises very broad invocation phrases such as '查订单' ("check order") and '查蛋糕' ("check cake"), which can match ordinary conversation without confirming that the user actually wants this specific internal lookup. That increases the chance of unintended skill activation and of order identifiers being transmitted to the backend API when no lookup was requested, creating privacy and data-handling risk.

Vague Triggers

Medium severity, 94% confidence

Finding
The usage scenarios list ambiguous phrases with no boundaries or exclusion logic, so the agent may invoke the skill when the user is only discussing orders in general rather than asking for an internal API lookup. Mistaken invocation matters more for this skill than for most because it sends order numbers to a remote internal service and discloses the order-linked product information that comes back.

Missing User Warnings

Medium severity, 96% confidence

Finding
The skill instructs the agent to send order identifiers to a remote API but neither warns that potentially sensitive transactional data will be disclosed nor requires the user to be aware of and consent to the transmission. Because the endpoint is external to the conversation surface and the skill notes that it operates without authentication in 'test mode', an accidental or unauthorized lookup is more dangerous than it would otherwise be and can expose order-associated business information.
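The three findings above describe the same missing control from two sides: nothing restricts when the skill fires, and nothing tells the user what is about to leave the conversation. The following is an added example, not code from the skill or from SkillSpector, of an invocation gate an agent runtime could run before a lookup skill like this one is allowed to call its API. It requires an explicit lookup intent plus exactly one order-number-shaped token, asks for clarification when either is missing or ambiguous, and requires a confirmation step that names the destination host before anything is sent. The trigger phrases, the order-number format and the `gate`/`consent_prompt` functions are assumptions for illustration; only the host `trade.dangaoss.cn` comes from the audit overview.

```python
"""Invocation gate for a narrow order-lookup skill (added example).

Policy logic an agent runtime could run before a skill that sends order
numbers to a remote API is allowed to fire. The trigger phrases and the
order-number format below are assumptions, not the skill's definitions.
"""
import re
from dataclasses import dataclass
from typing import Optional

API_HOST = "trade.dangaoss.cn"  # endpoint disclosed in the audit overview

# Assumed lookup intents. Bare nouns such as "订单" (order) or "蛋糕" (cake)
# are deliberately NOT triggers: they occur in ordinary conversation.
LOOKUP_INTENTS = ("查订单", "查询订单", "查蛋糕", "订单状态",
                  "look up order", "lookup order", "check order",
                  "order status", "track order")

# Assumed order-number shape: 8-20 upper-case alphanumerics containing at
# least one digit, not glued to other ASCII letters or digits. The real
# format is not stated on the page.
ORDER_ID_RE = re.compile(
    r"(?<![A-Za-z0-9])(?=[A-Z0-9]*\d)[A-Z0-9]{8,20}(?![A-Za-z0-9])")


@dataclass
class Decision:
    action: str              # "skip" | "ask" | "confirm" | "invoke"
    reason: str
    order_id: Optional[str] = None


def find_order_ids(message: str) -> list[str]:
    """Return distinct order-number candidates in order of appearance."""
    found: list[str] = []
    for m in ORDER_ID_RE.finditer(message):
        if m.group(0) not in found:
            found.append(m.group(0))
    return found


def consent_prompt(order_id: str) -> str:
    """Plain-language warning shown before the first transmission."""
    return (f"This will send order number {order_id} to {API_HOST} "
            f"(unauthenticated test endpoint) and return the product on "
            f"that order. Reply 'yes' to proceed.")


def gate(message: str, user_confirmed: bool = False) -> Decision:
    """Decide whether the skill may contact the API for this turn."""
    text = message.lower()
    if not any(k in text for k in LOOKUP_INTENTS):
        return Decision("skip", "no explicit lookup intent; stay in conversation")

    ids = find_order_ids(message)
    if not ids:
        return Decision("ask", "lookup intent but no order number; ask for it")
    if len(ids) > 1:
        return Decision("ask", f"{len(ids)} order numbers found; ask which one")

    order_id = ids[0]
    if not user_confirmed:
        # Nothing is sent yet: the agent relays the warning and waits.
        return Decision("confirm", consent_prompt(order_id), order_id)
    return Decision("invoke", f"send only {order_id} to {API_HOST}", order_id)


if __name__ == "__main__":
    # Constructed sample turns, not real user data.
    samples = [
        ("你们的蛋糕订单一般几天送到？", False),          # general question
        ("查订单 DS20240105ABC", False),                  # needs consent first
        ("查订单 DS20240105ABC", True),                   # confirmed: invoke
        ("check order DS20240105ABC and DS20240106XYZ", False),  # ambiguous
    ]
    for msg, confirmed in samples:
        d = gate(msg, user_confirmed=confirmed)
        print(f"{d.action:8} {d.reason}")
```

The gate never calls the API itself; it only returns a decision, so the transmission step stays behind the `invoke` action and the host named in the warning is the same constant used for the call. Whatever the real order-number format turns out to be, the regex should be tightened to it rather than loosened, since every false positive here is an identifier sent to an unauthenticated endpoint.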

VirusTotal

65/65 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.