Back to skill

Security audit

便捷旅行预订

Security checks across malware telemetry and agentic risk

Overview

This appears to be an incomplete hotel-search aggregation skill rather than a harmful one, with clear hotel-provider intent but weak disclosure and reliability caveats.

Install only if you are comfortable with a hotel-search tool that may query several third-party travel providers for city, date, and keyword searches. Treat this version as a scaffold or demo: verify prices and availability directly, and do not provide payment, account, or traveler details through it because booking is not actually implemented.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill explicitly requires calling multiple external platform APIs to retrieve real-time hotel data, which implies network access, yet no corresponding permission declaration is present. This creates a governance and transparency gap: the runtime may grant broader access than users or reviewers expect, and the skill could make outbound requests to third-party services without clear authorization boundaries.

Vague Triggers

Medium
Confidence
77% confidence
Finding
The trigger condition is broad enough that the skill may activate for any hotel-related request, even when the user did not ask for cross-platform aggregation or external querying. Overbroad invocation increases the chance of unnecessary third-party data access, unintended booking flow initiation, and user confusion about why multiple providers are being queried.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.