探店搭子

Security checks across malware telemetry and agentic risk

Overview

This food recommendation skill sends the location you provide to Baidu Maps for nearby restaurant lookup, which matches its stated purpose and is disclosed in the artifacts.

Install only if you are comfortable sending the address, landmark, or area you type, plus food search terms, to Baidu Maps. Prefer a neighborhood or landmark over an exact home address, and use a restricted Baidu Maps API key in BAIDU_MAP_API_KEY.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill describes capabilities that access environment variables, local files, network endpoints, and Python execution, but it does not declare corresponding permissions. This creates a mismatch between what the skill can do and what reviewers or users are told it will do, weakening sandboxing and informed consent around sensitive operations.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The workflow instructs collecting a user's location and sending it to Baidu APIs, but it does not require an explicit privacy notice and opt-in before transmitting that location to a third party. Location data is sensitive personal information, and sending it externally without clear consent increases privacy and compliance risk.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill sends user-provided address/location data to an external map service for geocoding and nearby search without any explicit consent flow or privacy notice. Location data is sensitive personal information, and transmitting it to a third party can expose users to privacy risks, especially in an agent setting where users may not realize their input leaves the local environment.

External Transmission

Medium
Category
Data Exfiltration
Content
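### Step 2: Resolve location + confirm

- Call the Baidu geocoding API to convert the address the user entered into latitude/longitude coordinates
- API endpoint: `https://api.map.baidu.com/geocoding/v3/`
- Confirm the resolved location, e.g. "Located near the Broken Bridge at West Lake, Hangzhou. Is that right?"
- If geocoding fails, ask the user to describe the location again or provide a more specific one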
Confidence
95% confidence
Finding
https://api.map.baidu.com/

External Transmission

Medium
Category
Data Exfiltration
Content
### Step 5: Query restaurants

- Call the Baidu Maps nearby search API
- API endpoint: `https://api.map.baidu.com/place/v2/search`
- Parameters:
  - `ak`: API Key
  - `query`: search keyword (based on the food type the user selected)
Confidence
94% confidence
Finding
https://api.map.baidu.com/

External Transmission

Medium
Category
Data Exfiltration
Content
Convert an address to latitude/longitude coordinates

```
GET https://api.map.baidu.com/geocoding/v3/
Parameters:
  - ak: API Key
  - address: the address entered by the user
```
Confidence
93% confidence
Finding
https://api.map.baidu.com/

External Transmission

Medium
Category
Data Exfiltration
Content
Search for nearby restaurants by coordinates

```
GET https://api.map.baidu.com/place/v2/search
Parameters:
  - ak: API Key
  - query: search keyword (e.g. "美食" (food), "火锅" (hot pot), "日料" (Japanese food))
```
Confidence
93% confidence
Finding
https://api.map.baidu.com/

VirusTotal

66/66 vendors flagged this skill as clean.
