智慧旅行预订

Security checks across malware telemetry and agentic risk

Overview

This hotel booking skill appears incomplete and overstates real search and booking capabilities, but I found no evidence of secret theft, persistence, or destructive behavior.

Treat this as a prototype, not a working hotel booking tool. Do not rely on it for prices, availability, room details, or reservations until real provider integrations, dependencies, privacy disclosure, and explicit booking confirmation gates are added.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Tp4

High

Category: MCP Tool Poisoning
Confidence: 95% confidence
Finding: The skill claims real multi-platform hotel aggregation, room querying, and booking support, but the analysis indicates there is no actual data-source integration and core functions return empty results. This is dangerous because downstream agents or users may trust fabricated completeness or operational capability, leading to deceptive outputs, incorrect travel decisions, or unsafe automation assumptions.

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger condition activates on generic hotel-search requests, which can cause the skill to run in situations where the user did not ask for cross-platform aggregation or where another narrower skill should apply. Over-broad invocation increases the chance of unintended data access, user confusion, and prompt-routing abuse in agentic systems.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal