Security audit

书店 (Bookstore)

Security checks across malware telemetry and agentic risk

Overview

This is a simple instruction-only bookstore planning skill with some confusing event-ticketing language, but it does not request access to files, accounts, credentials, code execution, or persistent privileges.

Install only if you want planning help for trendy bookstore visits, and treat ticketing, exhibition, refund, entry, and photography details as suggestions to verify with the venue before traveling or spending money. The main issue is confusing scope, not evidence of malware or credential risk.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

High
Confidence: 98%
Finding:
The skill is labeled as a bookstore recommendation tool, but its body defines functionality for event/exhibition ticketing, admission rules, and venue logistics. This mismatch can cause the orchestrator to invoke the skill for bookstore-related requests while returning unrelated transactional guidance, creating scope confusion and increasing the chance of incorrect routing, deceptive behavior, or abuse of user trust.

Description-Behavior Mismatch

High
Confidence: 99%
Finding:
The manifest promises bookstore recommendations and route guidance, but the documentation operationalizes a different capability: performance/exhibition discovery and ticket planning. This is dangerous because agent systems rely on manifest/document alignment for safe tool selection; a hidden or mislabeled capability can trigger the skill in the wrong context and produce actions or recommendations the user did not request.

Vague Triggers

Medium
Confidence: 78%
Finding:
The activation description includes broad phrasing around searching for bookstores or planning related travel, which can overlap with generic travel-planning queries. In the presence of the domain mismatch elsewhere in the file, this broad trigger surface makes accidental invocation more likely and can route unrelated user requests into a mis-scoped skill.

VirusTotal

66/66 vendors flagged this skill as clean.