Back to skill

Security audit

Meituan Coupon Bot

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Meituan coupon-search helper that calls Meituan APIs and returns purchase links, but users should understand the links may be affiliate or promotional links.

Install only if you are comfortable with coupon searches and optional location details being sent to Meituan's API and with returned purchase links potentially being affiliate or promotional links. The embedded API credentials should be rotated or moved to secure runtime configuration by the publisher.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The file advertises and implements a referral/promotion capability in addition to coupon lookup, which exceeds the stated manifest scope of searching and browsing Meituan coupons. Scope expansion is dangerous because it enables affiliate tracking and monetization behaviors the user may not expect, increasing the chance of deceptive redirection or unauthorized promotional actions.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The referral-link command generates affiliate or promotional links from product IDs, raw URLs, or campaign IDs, which is not necessary for a coupon search bot as described. This creates a channel for covert traffic steering, user tracking via sid/actId, and monetized redirection outside the user's apparent intent.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill explicitly instructs the agent to perform an initialization step '静默执行,不向用户展示', which creates undisclosed side effects during a conversation. Even if the init is benign, hidden execution reduces user awareness and trust, and could mask network access, environment changes, or telemetry collection without informed consent.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The file states that API credentials are embedded in scripts/config.json, which indicates secrets are stored inside the skill package rather than injected securely at runtime. Embedded credentials are at high risk of accidental disclosure, reuse, exfiltration, or misuse by anyone with repository or package access.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The network helper sends user-supplied search terms, city/location data, product identifiers, raw links, and affiliate parameters to a remote host without any visible disclosure or consent mechanism in the tool flow. In a coupon-search context, location and referral data can be privacy-sensitive and may expose user interests, whereabouts, and click attribution to third parties.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.