ClawHub

美团外卖

Security checks across malware telemetry and agentic risk

Overview

This Meituan coupon skill matches its stated purpose, but it handles account login tokens and persistent device data in a way users should review before installing.

Install only if you trust this publisher and are comfortable using a Meituan phone/SMS login through the skill. Expect reusable tokens, a persistent device identifier, masked phone data, and coupon history to be stored locally under ~/.xiaomei-workspace unless you set isolated XIAOMEI_AUTH_FILE and XIAOMEI_COUPON_HISTORY_FILE paths. Use logout and clear-device-token when finished, and treat generic coupon prompts carefully because the skill may activate on broad discount-related wording.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill performs shell execution, network access, environment-variable handling, and local file writes, including storage of authentication tokens and coupon history, yet no explicit permission declaration is present. This creates a transparency and consent gap: users and hosting agents may not realize the skill can access the network, invoke scripts, and persist sensitive account data locally.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrases are very broad, such as generic coupon and discount-shopping language, which can cause the skill to activate in contexts where the user did not clearly intend Meituan account-linked actions. Because this skill can initiate login, send SMS verification, and perform account-bound coupon redemption, overbroad invocation increases the risk of unintended sensitive flows.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill asks users for a phone number and verification code to authenticate a Meituan account before giving an upfront warning that tokens, phone metadata, and a persistent device token may be stored locally and bound to the device. This is especially sensitive because device binding persists across logout, so users may disclose credentials without understanding the storage and long-term account-linking consequences.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The script sends a sensitive user token to a third-party remote service to issue coupons, but there is no explicit consent flow, disclosure, or minimization visible in this file. Even though the transfer appears functionally necessary and uses HTTPS with certificate verification, transmitting authentication material without clear user awareness creates privacy and account-misuse risk if the token is over-scoped, logged, or reused.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal