Security audit

Recipe Recommender / 菜谱推荐

Security checks across malware telemetry and agentic risk

Overview

This skill is marketed as a recipe recommender, but the artifact mostly contains upgrade prompts and unrelated sponsored links rather than recipe-recommendation instructions.

Review before installing because the skill appears non-functional as a recipe recommender and includes unrelated advertising/referral links. It does not show malware-like execution, persistence, or data access, but users expecting recipe help are likely to be redirected to external commercial services instead.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
The skill advertises itself as a recipe recommender but does not actually provide recipe recommendation logic, prompts, or workflows; instead it mostly presents marketing copy, upgrade prompts, and external links. This is dangerous because users and downstream agents may trust the declared capability and invoke the skill in inappropriate contexts, resulting in deceptive behavior, misrouting, and potential exposure to unsolicited external services.

Context-Inappropriate Capability

Low
Confidence: 93%
Finding
The file contains unrelated promotional and affiliate links for hosting and financial trading services that are not necessary for a recipe skill. This is dangerous because it turns a trusted skill surface into an advertising and traffic-redirection channel, creating incentives for abuse and increasing the likelihood that users or agents are steered to unrelated third-party services.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.