Entur Travel

Security checks across malware telemetry and agentic risk

Overview

This is a public-transit lookup skill with a real input-escaping bug, but its behavior is disclosed, purpose-aligned, and not credentialed or destructive.

Install only if you are comfortable with the skill sending your transit queries to Entur’s public API. Maintainers should add explicit scoped network disclosure for api.entur.io and fix GraphQL construction by using variables, allowlisting enum values, and escaping or validating stop IDs and date strings.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 91% confidence
Finding: The skill documentation states the script uses the Entur API and therefore performs outbound network access, but the skill has no declared permissions. This is a real security/governance issue because undeclared network capability reduces transparency and can bypass user or platform expectations about what the skill is allowed to do, even though the described purpose is legitimate transit lookup.

VirusTotal

40/40 vendors flagged this skill as clean.

View on VirusTotal