机票购票助手

Security checks across malware telemetry and agentic risk

Overview

This looks like a hotel search tool, but it is mislabeled, overclaims live booking/search features, and does not clearly control sharing travel details with outside providers.

Install only if you specifically want a hotel aggregation assistant and understand it may be intended to send travel search details to several providers. Do not rely on its prices, availability, room details, or booking claims until the publisher fixes the flight-vs-hotel naming mismatch, documents provider data sharing, declares dependencies, and implements the advertised integrations.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (4)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 88% confidence
Finding: The skill explicitly states it must call multiple external platform APIs and therefore implies network access, but it does not declare corresponding permissions or user-visible authorization boundaries. This creates a transparency and control gap: a reviewer or runtime may underestimate the skill's data egress behavior, increasing the risk of unintended transmission of travel queries and booking-related data to third parties.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 95% confidence
Finding: The skill promises multi-platform aggregation, room queries, and booking, but the finding indicates those capabilities are not actually implemented and may rely only on cached hotel details. This is dangerous because users and orchestrators may make decisions based on false assumptions about live availability, pricing, coverage, and booking execution, which can lead to misrouting of sensitive travel data, broken workflows, or deceptive outputs presented as real-time results.

Vague Triggers

Medium

Confidence: 80% confidence
Finding: The trigger condition 'when user wants to search hotels' is broad for a skill that may query multiple external providers and potentially initiate a booking flow. Overly broad invocation increases the chance the skill is activated in ambiguous travel conversations, causing unnecessary external data transmission or confusing the user with actions they did not intend to authorize.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill description does not warn users that search criteria, dates, destination, and potentially booking-related information may be transmitted to multiple external hotel platforms. In this context, that omission materially increases privacy and compliance risk because hotel searches can reveal location, travel plans, employer-related itineraries, and other sensitive metadata to several third parties at once.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal