Swiggy

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly coherent for Swiggy ordering, but its CLI has a real command-injection risk from user-controlled order/search text.

Review carefully before installing. Do not use untrusted or pasted user input with this CLI until the mcporter call is changed to an argument-array API such as execFileSync/spawn. If you proceed, verify the mcporter binary, authenticate only the intended Swiggy account, and review every cart, address, total, and booking before confirming.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill configures three remote MCP servers over HTTP transport endpoints, which means user prompts, order details, and potentially sensitive account or location data will be transmitted to external services. In a consumer ordering skill, that network transmission is expected, but the lack of any explicit user-facing warning or consent language increases the risk of silent data exposure and weakens informed consent.

VirusTotal

63/63 vendors flagged this skill as clean.
