Security audit

Tuniu Hotel Booking Skill

Security checks across malware telemetry and agentic risk

Overview

The skill is a disclosed hotel-search and booking integration, but it can create booking orders and send personal information without a strong final confirmation step.

Install only if you trust the Tuniu MCP service and are comfortable providing a Tuniu API key. Before using it for bookings, require the agent to show a final order summary and ask for explicit confirmation before any create-order call that sends names or phone numbers.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 89%
Finding
The search trigger phrases are broad enough that ordinary travel-related conversation could automatically invoke this skill and send user-provided location/date data to an external service via curl. Because the skill performs network actions based on loose natural-language cues, it increases the chance of unintended tool execution and unnecessary disclosure of user query contents.

Vague Triggers

Medium
Confidence: 86%
Finding
The detail trigger includes generic phrases like '看一下' and '详情', which are common in normal dialogue and may cause the agent to fetch hotel details without sufficiently clear user intent. Since the action contacts a third-party endpoint and may include previously collected itinerary information, overbroad triggering can result in unintended external transmission and stateful data use.

Vague Triggers

Medium
Confidence: 96%
Finding
Using generic commitment phrases such as '就订这个' or '我要订' as order-creation triggers is risky because they can map casual language directly to a transactional API call that submits PII and creates a booking. In this skill, the consequence is more serious than a normal info lookup because the action can place an order and transmit contact/guest data to an external service.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.