Back to skill

Security audit

🍓 Fruit Pi · 水果派(全球水果·实时价格·水果价格)

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed fruit-price tracker that stores a local fruit list and fetches price data from external sources, with no evidence of deception or harmful behavior.

Before installing, understand that price queries can create a local fruit-pool file and may contact market websites, search providers, and an exchange-rate API. Use it for non-sensitive fruit tracking, review or delete the fruit-pool file if you no longer want stored preferences, and be cautious adding private or internal URLs as price sources.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger set includes generic phrases such as `水果价格`, `全球水果价格`, and `fruit pi`, and the document says 'trigger means execute immediately'. Broad triggers combined with automatic execution can cause the skill to run in conversations where the user did not intend file updates, shell execution, or network fetching.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill states that on first trigger or when the fruit pool is missing, it will automatically create and initialize `fruit-pool.json`. Automatically creating and modifying user data without an explicit warning or consent can violate user expectations and lead to unintended persistence of preferences.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill directs the agent to fetch configured URLs and use web search to locate prices, but it does not clearly warn users that their queries and potentially fruit-pool-derived context may be sent to third-party services. This lack of privacy disclosure is risky because routine use causes outbound data transfer and may expose user interests or custom tracking targets.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.