即时用车 (Instant Ride)

Security checks across malware telemetry and agentic risk

Overview

This ride-booking skill does not appear to steal data or alter your system, but it can present simulated ride bookings and driver details as if they were real.

Review carefully before installing. The main issue is not malware-like behavior; it is that the skill claims real car-service capability while the code appears to generate mock bookings, prices, and driver details. Do not rely on it to book or cancel actual rides unless the publisher provides a real authenticated integration, clear mock/real status labeling, and explicit user confirmation before any transaction.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 94%
Finding
This adapter exposes state-changing functions such as request_ride, schedule_ride, book_airport_transfer, and cancel_order directly through a generic dispatcher with no confirmation, re-authentication, or policy guard at the execution point. In an LLM tool-calling context, ambiguous prompts, prompt injection, or model mistakes could trigger real bookings or cancellations on behalf of a user without clear consent, making this a genuine transaction-safety issue.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.
