Security audit

express-monitor

Security checks across malware telemetry and agentic risk

Overview

This delivery-tracking skill is mostly purpose-aligned, but it stores phone numbers in plaintext despite claiming encrypted storage and gives users incomplete privacy disclosure.

Review before installing. Use it only if you are comfortable with tracking numbers being sent to Kuaidi100 and with phone numbers and delivery history being stored locally in readable JSON. Do not rely on the advertised encrypted phone storage, Feishu sync, or automatic phone-based monitoring unless the maintainer updates the code and documentation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 87%
Finding: The skill describes capabilities that imply file reads/writes and network access, but it does not declare permissions. This creates a transparency and governance gap: users and the platform cannot accurately assess what data the skill can access or transmit, especially since it stores express records locally and queries external logistics sources.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 82%
Finding: The documented purpose focuses on logistics lookup and phone binding, but the detected behavior includes persistent storage of phone numbers and query history plus local listing functionality that is not clearly disclosed. This mismatch undermines informed consent and can hide privacy-relevant behavior from users and reviewers.

Missing User Warnings

Medium
Confidence: 94%
Finding: The skill collects and stores a bound phone number, which is sensitive personal data, without a clear privacy warning about retention, usage, external lookups, or third-party sharing. In this context, binding a phone number may enable retrieval of shipment data from external services, increasing privacy risk and potential exposure of a user's delivery history.

Missing User Warnings

Medium
Confidence: 89%
Finding: The skill stores bound phone numbers persistently in a plaintext JSON file under the user's home directory without any explicit notice, consent flow, retention policy, or access controls. Phone numbers are personal data, and local persistence can expose them to other local users, backups, or unrelated tooling that reads the workspace.

Missing User Warnings

Medium
Confidence: 87%
Finding: Tracking numbers are sent to a third-party courier service API without a clear disclosure to the user. Although this transmission is required for the feature, tracking numbers can reveal purchases, recipients, timing, and logistics relationships, so undisclosed external sharing creates a privacy risk.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.