Security audit

China Highway Route

Security checks across malware telemetry and agentic risk

Overview

This is a route-planning skill with expected map/API use and a small policy cache, but users should understand the location-data and API-key privacy tradeoffs.

Install if you are comfortable using a route-planning assistant that may send origins, destinations, coordinates, and waypoints to Amap or search services. Configure the Amap key through an environment variable rather than hardcoding it, and verify toll or driving-restriction results against official sources because cached policy data may become stale.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Scope Creep

Medium (95% confidence)
Finding
The skill documentation instructs use of an API key via the AMAP_WEBSERVICE_KEY environment variable, while the manifest declares no required environment variables. This mismatch can cause insecure operator behavior, such as hardcoding secrets into code or configuring them ad hoc outside the intended permission model, weakening secret handling and deployment transparency.

Vague Triggers

Medium (88% confidence)
Finding
The trigger conditions include broad everyday keywords such as '路线' ("route"), '怎么走' ("how do I get there"), and '多少高速费' ("how much is the highway toll"), which can cause the skill to activate in contexts the user did not intend. Over-broad invocation increases the chance of unnecessary collection of location and vehicle-plate information and can route user queries to a capability that persists data locally.

Missing User Warnings

Medium (97% confidence)
Finding
The skill specifies saving search dates and policy conclusions to a local cache file but does not clearly disclose this persistence to the user or obtain consent. In context, the skill handles sensitive travel-related data and vehicle-plate context, so silent local retention can expose personal patterns, especially on shared systems or where workspace files are accessible to other skills or operators.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.