Back to skill

Security audit

旅行预订助手

Security checks across malware telemetry and agentic risk

Overview

This travel-booking skill appears unfinished and may show users fake hotel prices or cancellation terms while presenting them as Booking.com results.

Review before installing. Treat this as a demo or unfinished booking helper unless the publisher replaces the mock implementation with real verified Booking.com API responses, removes unconditional pricing/cancellation claims, documents network and credential handling, and requires clear confirmation before any booking or cancellation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill clearly describes external API usage and reservation operations, which implies network access, but the manifest does not declare a corresponding permission boundary. That creates a transparency and governance gap: operators and users cannot accurately assess what the skill is allowed to do, and hidden or undeclared network behavior is especially sensitive in a booking workflow that may handle personal and reservation data.

Intent-Code Divergence

Medium
Confidence
88% confidence
Finding
The formatted output asserts that prices include taxes and that free cancellation is supported, but the code does not verify either condition from API data. In a travel-booking context, false assurances about pricing and cancellation terms can cause financial harm, user deception, and downstream disputes, making this materially risky even if it is not a system-compromise issue.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The skill advertises booking creation and cancellation but does not warn that these actions may require transmitting personal data such as guest details and may create, modify, or cancel real-world reservations. In a travel-booking context, lack of explicit privacy and action disclosure increases the risk of users unknowingly authorizing sensitive data processing or transactional side effects.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The file documents API-key authentication and reservation-related endpoints without any accompanying notice about sensitive data handling, consent, or confirmation requirements. Because these endpoints can access or mutate reservation records, omission of privacy and action safeguards is materially risky in this context, where guest identities, itinerary details, and booking status may be exposed or changed.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.