Back to skill

Security audit

Brouter

Security checks across malware telemetry and agentic risk

Overview

This routing skill appears to generate GPX bike routes as claimed, but it retains sensitive route data and permits broader file writes than its purpose requires.

Review before installing. Use only if you are comfortable sharing route endpoints with brouter.de and having route details stored locally in logs. Avoid sensitive home, work, or routine routes unless the skill is patched to use secure transport, disable or redact logs, and confine output to a fixed routes directory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill clearly relies on outbound network access to contact brouter.de, but the metadata shown does not declare any corresponding permission. Undeclared capabilities reduce transparency and can bypass user or platform expectations about what the skill is allowed to do, especially because it processes user-supplied route and location data.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The skill persists structured invocation logs to a stable local file, including caller-supplied options and later request/response details. For a routing skill, this can unnecessarily retain sensitive location and filesystem information beyond the minimum needed to generate a GPX, creating privacy and data-exposure risk if local files are accessed by other users, tools, or future processes.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
This code logs full invocation options to stdout and also stores detailed request context to disk, including start/end coordinates and path-related parameters. In an agent environment, stdout and local logs are often centrally collected, so this broadens exposure of sensitive travel data and operational details without being necessary for the stated skill purpose.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The caller can supply both outputDir and fileName, and the code resolves them directly into an output path before writing the fetched content. That permits writes outside an intended routes directory, enabling overwriting or planting files anywhere the process has permission, which exceeds the narrow purpose of route generation.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs the agent to transmit origin and destination data to the external brouter.de service without warning the user. Location and route requests can reveal sensitive personal information such as home, work, routines, or travel intentions, so silent third-party transmission creates a meaningful privacy risk.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
The skill sends precise route coordinates to brouter.de over plain HTTP, exposing location data to interception or modification by network attackers. Because the core purpose is route generation from sensitive origin/destination coordinates, lack of transport security is especially risky in this context.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill persists both GPX output and detailed invocation metadata to disk without any clear consent, retention limit, or access-control discussion. Route files and logs can reveal sensitive travel history and destinations, so silent local persistence increases privacy and secondary-exposure risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.