Back to skill

Security audit

Mcdonald

Security checks across malware telemetry and agentic risk

Overview

This is a documented McDonald's API helper with expected network and token use, but users should approve coupon-claiming actions and protect their token.

Install this only if you intend to use the mcp.mcd.cn McDonald's service. Store MCD_TOKEN as a private secret, verify the endpoint before sending it, and require the agent to ask before claiming coupons or changing your account.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
85% confidence
Finding
The skill activates on very broad McDonald's-related queries and is described as the default path whenever users ask McDonald's questions. Overbroad activation increases the chance the agent invokes external network actions and account-linked tooling when the user only wanted general discussion, which can lead to unnecessary data sharing or unintended side effects.

Vague Triggers

Medium
Confidence
91% confidence
Finding
Several trigger phrases are overly generic, such as asking for calories or the date/time, which can appear in normal conversation unrelated to this service. This creates a realistic risk of accidental skill activation and unnecessary authenticated requests to the MCP endpoint, exposing user context or causing unintended remote calls.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The 'auto-bind-coupons' operation performs an account-affecting action by automatically claiming all available coupons, but the skill does not require a confirmation or present a warning before doing so. This can cause unintended modifications to the user's account state and may consume one-time offers or alter eligibility without deliberate user consent.

Missing User Warnings

Low
Confidence
89% confidence
Finding
The invocation examples send a bearer token to a remote endpoint but do not prominently warn about credential handling, storage, or leakage risks in the execution path. In agent environments that echo commands, log headers, or expose shell history, this can lead to accidental disclosure of the user's authentication token.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.