Security audit

kuaidi100-skill-快递100物流查询

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims, which is to query the Kuaidi100 shipping API, but users should understand that shipment details are sent to that service.

Install only if you are comfortable sending shipment details to Kuaidi100. Avoid providing phone numbers or full addresses unless required, use a dedicated revocable API key if configured, and confirm ambiguous logistics requests before running the skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access

Findings (5)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 87%
Finding:
The skill declares no explicit permissions even though it uses environment-based secrets and external API access. This weakens reviewability and consent boundaries because operators and users cannot clearly see that the skill depends on secret material and networked data transfer, increasing the chance of silent overreach or unsafe deployment.

Vague Triggers

High
Confidence: 97%
Finding:
The trigger policy is overly broad and says the skill must activate even for casual mentions like '我的快递到哪了' ("Where is my package?"), which can cause unintended invocation and automatic transmission of sensitive logistics data to a third-party API. In this context, the skill handles package numbers, phone numbers, addresses, and shipment history, so over-triggering materially increases privacy and data-minimization risk.

Missing User Warnings

Medium
Confidence: 99%
Finding:
The skill does not warn users that highly sensitive shipping data—including tracking numbers, phone numbers, addresses, and full logistics history—will be sent to the external kuaidi100 API. Because the instructions also say results should be returned directly and the skill should proactively trigger, the missing disclosure significantly increases the risk of uninformed third-party data sharing.

Missing User Warnings

Medium
Confidence: 84%
Finding:
The skill sends sensitive shipment-related data such as sender/recipient addresses and delivery timing inputs to a third-party API. Although the transport uses HTTPS, there is no user-facing disclosure or consent mechanism, so users may unknowingly expose personal or commercial location data to an external service. In a skill that is configured to proactively trigger on casual logistics-related queries, this increases the chance of unintended data sharing.

Missing User Warnings

Medium
Confidence: 91%
Finding:
Tracking numbers and optional phone numbers are personally sensitive logistics identifiers, and the code transmits them to an external API without warning or consent. Phone numbers are especially sensitive, and combining them with tracking data can reveal shipment status and potentially personal activity patterns. Because the skill description says it must proactively trigger when users casually mention package status, the privacy risk is heightened.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.