
Security audit

Travel Accident Insurance (旅游意外险)

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate travel-insurance automation skill, but it needs review because it can handle purchases, cancellations, refunds, invoices, bearer tokens, mobile numbers, and Chinese ID numbers with weak scoping and local persistence.

Review before installing. Use this only in a dedicated workspace if you are comfortable with an agent storing insurance account tokens and full identity details locally, and carefully confirm every payment, surrender, refund, and red-invoice action. Ask the publisher for privacy, retention, deletion, and data-sharing details before using it with real customer information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Severity: Medium
Confidence: 93%
Finding
The trigger list is broad enough to activate on generic commerce and insurance terms such as payment, refund, invoice, and order placement, which can pull the user into a high-risk insurance workflow unintentionally. In this skill, accidental activation is more dangerous than usual because the skill can perform sensitive actions involving identity data, purchases, cancellations, refunds, and invoice operations.

Missing User Warnings

Severity: High
Confidence: 98%
Finding
The skill directs the agent to persist tokens, mobile numbers, identity numbers, and frequent insured persons in a local .agent-state.json file without requiring explicit user consent, data minimization, encryption, or retention limits. This creates a clear exposure path for account takeover and privacy compromise if the workspace is shared, synced, logged, or otherwise accessible.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The skill includes destructive operations such as surrender, refund, and irreversible red-invoice cancellation, but the top-level skill description and trigger surface do not clearly warn that these actions may change or cancel real insurance and billing records. Combined with broad triggers, this raises the risk of users entering a destructive workflow without understanding the consequences.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The manifest explicitly states that the skill handles insurance ordering and supports Chinese ID-based smart form filling, which implies collection and transmission of highly sensitive personal data, including government ID information. There is no corresponding disclosure about privacy practices, user consent, data sharing with the insurer, retention, or security handling, creating a real privacy and compliance risk in a high-sensitivity domain.

VirusTotal

63/63 vendors flagged this skill as clean.
