Security audit

Dianping-query

Security checks across malware telemetry and agentic risk

Overview

The skill’s restaurant lookup purpose is mostly coherent, but it appears to direct the agent to use a pre-existing logged-in Dianping account without a clear user consent gate.

Review before installing. The skill should preferably work with public/logged-out Dianping pages, or clearly ask before using any logged-in Dianping session and explain whose account is being used and what account-scoped data may be visible.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly instructs the agent to use a pre-existing logged-in Dianping account ('一定S') and to proceed with account-contextual access without requiring user awareness or consent. This can expose account-scoped data, browsing history, saved preferences, or other personalized content, and normalizes using a third-party identity that may not belong to the current user.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal