kuaidi100-user

Security checks across malware telemetry and agentic risk

Overview

This is a coherent courier-assistant skill, but it handles and stores sensitive shipping contact and order data that users should review carefully.

Install only if you are comfortable storing recent sender, receiver, and order information locally and sharing shipment details with Kuaidi100 during lookups or pre-order submission. Review autofilled names, phone numbers, addresses, courier choice, price, and order numbers before confirming, protect the optional API key, and clear ~/.openclaw/kuaidi100-user/data/ if you do not want retained local history.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (12)

Vague Triggers

Severity: Medium
Confidence: 89%
Finding
The invocation text includes broad everyday phrases such as shipping, tracking, pricing, and related courier terms, which can cause the skill to trigger in conversations where the user did not intend to invoke it. Unintended activation is security-relevant here because the skill can access cached personal data and potentially initiate network-backed order workflows.

Vague Triggers

Severity: Low
Confidence: 92%
Finding
The example trigger phrase '我要寄快递' ("I want to send a parcel") is very generic in normal conversation and may activate the skill unintentionally. In this skill, accidental invocation matters because it can start a workflow that retrieves stored sender/receiver details and guides the user toward order creation.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
The skill documents persistent local storage of sender, receiver, and order history, including names, phone numbers, and addresses, but does not present a clear user-facing privacy warning or consent mechanism. This is dangerous because highly sensitive personal data is retained across sessions in a predictable local path, increasing exposure to unauthorized local access, over-retention, or silent reuse.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The complete-mode section says an API key enables server-side address book, tracking, and order management, but does not clearly warn that personal and order data will be sent to a remote third-party API. This omission can mislead users about data flow and consent, especially given the sensitivity of addresses, phone numbers, logistics details, and order identifiers.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The pre-order API collects and transmits substantial personal data, including names, phone numbers, and full sender/receiver addresses, yet the documentation provides no privacy notice, consent expectation, retention guidance, or minimization warning. In a shipping skill, this materially increases the risk of over-collection, unintended disclosure, or sending sensitive PII without clear user awareness.

Missing User Warnings

Severity: Low
Confidence: 84%
Finding
The documented endpoints expose default sender details and allow receiver lookup from a server-side address book, which can reveal highly sensitive personal contact data. Without a privacy warning or explicit requirement to confirm identity/intent before lookup, an agent could retrieve stored address-book information too casually, increasing account privacy and data-exposure risk.

Missing User Warnings

Severity: Low
Confidence: 80%
Finding
Order cancellation is a destructive action that can affect fulfillment and user operations, and the documentation lacks an explicit caution or confirmation requirement. In an agent setting, omission of such guidance can lead to accidental or socially engineered cancellations if the action is triggered without strong confirmation.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The workflow explicitly stores sender, receiver, and order information in local cache, which includes sensitive personal data such as names, phone numbers, and addresses. Without any notice, consent mechanism, retention policy, or guidance on securing local storage, the skill risks exposing users' personal information to other local users, malware, or unintended persistence beyond the user's expectations.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The workflow sends shipping data to remote services for address-book lookup, address parsing, shipping quotes, tracking, and order creation, which involves transmitting personally identifiable information and shipment metadata to a third party. Because the skill does not clearly disclose this data sharing or its scope, users may unknowingly expose addresses, phone numbers, and order history to external systems.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The function persists sender information to disk across sessions without any visible consent, notice, or retention disclosure at the point of collection or write. In this skill context, sender data is likely to include personally identifiable information such as name, phone, and address, so silent storage increases privacy risk, especially on shared machines or environments where users may not expect local retention.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
This code stores receiver history locally without a visible warning, even though receiver records likely contain third-party personal data such as names, phone numbers, and addresses. Retaining contact data for up to 90 days without clear disclosure or consent creates a privacy and compliance risk, made more serious by the shipping-assistant context where address-book style data is especially sensitive.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
Order history is written to local storage with no visible disclosure that it will persist across sessions for up to a year. In a logistics skill, order records can reveal shipment patterns, recipient identities, and tracking-related metadata, so undisclosed retention materially increases privacy exposure if the local environment is compromised or shared.

VirusTotal

65/65 vendors flagged this skill as clean.
