Security audit

Global Travel Booking (全球旅行预订)

Security checks across malware telemetry and agentic risk

Overview

This appears to be an incomplete hotel-search aggregation scaffold, not a harmful skill, but its live pricing and booking claims are overstated.

Install only if you want an experimental hotel aggregation helper. Treat it as incomplete: verify prices, room availability, and booking actions directly with the hotel platform, and avoid sharing sensitive travel or corporate booking details unless you are comfortable with them being sent to multiple providers in a future full implementation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 87%
Finding:
The skill explicitly requires calling multiple external platform APIs and therefore has effective network capability, but no corresponding permission declaration is present. This creates a trust and governance gap: operators and users cannot accurately assess that hotel queries may send user-supplied travel data to third parties, and policy enforcement may be bypassed or misconfigured.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 94%
Finding:
The documented behavior promises live multi-platform aggregation, room queries, and booking, but the analyzed implementation reportedly does not connect to the declared sources and lacks key functions. This mismatch is dangerous because downstream agents or users may rely on the skill for booking or price comparison decisions under false assumptions, leading to deceptive output, unsafe automation, or incorrect transactional behavior.

Intent-Code Divergence

Severity: Medium
Confidence: 93%
Finding:
The formatter tells users they can reply with an index to view room details or price comparisons, but the file implements no corresponding handlers or APIs for those actions. This creates a deceptive interface and can mislead downstream agents or users into assuming capabilities exist, causing workflow failures, incorrect bookings, or unsafe follow-on logic that relies on nonexistent detail/comparison functionality.

Vague Triggers

Severity: Medium
Confidence: 79%
Finding:
The trigger condition 'when user wants to search hotels across multiple platforms or aggregate hotel data' is broad enough to overlap with ordinary hotel-search requests. In an agent environment, this can cause unintended invocation, unnecessary third-party data transmission, and user confusion about whether a simple informational query will perform broad aggregation actions.

Vague Triggers

Severity: Low
Confidence: 71%
Finding:
The documentation lacks clear trigger boundaries and negative examples, which increases the chance of the skill being selected for adjacent but unintended tasks. While this is primarily a safety and routing issue rather than a direct exploit, it can still lead to over-collection of travel data or execution of actions the user did not expect.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The skill describes multi-platform API use and unified booking but does not warn users that itinerary details and potentially personal booking information may be transmitted to multiple third-party providers. In a travel context, dates, destination, hotel preferences, and eventual booking details can be sensitive, so missing transparency and consent materially increases privacy and unintended-action risk.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.