Back to skill

Security audit

12306 Old

Security checks across malware telemetry and agentic risk

Overview

This skill appears to automate real 12306 account login and ticket purchasing, but it under-discloses the account, purchase, and session-cookie risks.

Review before installing. Use this only for an account you control, avoid storing or sharing generated cookie files, and require explicit confirmation before any purchase or account-changing step. Prefer a version that protects session storage, documents credential handling, and provides dry-run or confirmation safeguards.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The client persists authenticated session cookies to a local JSON file in plaintext without access controls, encryption, or user warning. If the file is read by another local user, malware, or inadvertently committed/shared, an attacker may be able to hijack the user's authenticated 12306 session.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README explicitly promotes automated login and ticket purchasing for a real ticketing service but provides no warning about account risk, transaction side effects, rate limits, or terms-of-service implications. This can mislead users into running account-affecting automation that may trigger unintended purchases, account lockouts, or misuse of stored credentials.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The skill description is too vague to safely determine when this skill should be invoked, especially for a tool related to 12306 and login workflows. Ambiguous invocation boundaries can cause an agent to trigger the skill in unintended contexts, potentially exposing credentials, invoking login flows unnecessarily, or handling sensitive travel-account operations without clear user intent.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation references login scripts and environment-variable configuration but provides no warnings about handling credentials, secrets, or sensitive account actions. In an agent setting, this omission increases the chance that operators or downstream automation will supply secrets insecurely, log them, or run account-affecting operations without understanding the privacy and security implications.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The code persists authenticated browser cookies to a JSON file on disk without any access controls, encryption, permission hardening, or user disclosure. Session cookies can often be reused to impersonate the logged-in user, so if the host is multi-user, compromised, or the file is exposed through backups or logs, an attacker may hijack the 12306 session.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README explicitly advertises automated login, ticket search, and ticket purchasing, but provides no warning that the tool can perform real account actions or initiate purchases. In an agent skill context, this omission is risky because users or downstream agents may invoke the skill without understanding that it can act on a live 12306 account and cause unintended transactions.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.