
Security audit

立白龙虾购

Security checks across malware telemetry and agentic risk

Overview

This shopping skill is mostly coherent, but it runs sensitive login, address, order, and payment-related actions through an unpinned external npm command with unclear provenance and broad activation triggers.

Install only if you trust the publisher and can verify `@libydic/mall` is the legitimate Liby mall tool. Use it intentionally for mall tasks; confirm products, prices, points/cash requirements, addresses, and orders before payment; and avoid sharing phone codes or address details unless the login flow and package provenance are clear.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Intent-Code Divergence

Medium
Confidence: 87%
Finding:
The skill says login must only use the auth-start QR flow, but it also documents a direct login step using mobile number and verification code. This inconsistency can cause the agent to collect sensitive credentials in chat and weakens the intended authentication boundary, increasing phishing and credential-handling risk.

Vague Triggers

Medium
Confidence: 84%
Finding:
The trigger list contains broad everyday terms that can activate the shopping skill in unrelated conversations. Because this skill can access account, order, address, and purchase flows, accidental invocation may expose personal commerce context or steer users into unintended transactional actions.

VirusTotal

64/64 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.