Hong Kong Green Minibus Arrival

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a straightforward Hong Kong minibus arrival lookup that calls public transit APIs and caches public transit data locally.

Before installing, be aware that this skill runs local Python code, contacts public Hong Kong transit data services, and stores cached public transit JSON in its own data directory. It does not show credential access or destructive behavior, but maintainers should add explicit network/cache permissions and tighten route and region validation for clearer reviewability.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 86% confidence
Finding: The skill invokes a Python script that performs outbound network requests and writes cache files under a data/ subdirectory, yet no permissions are declared in the manifest. This creates a capability/visibility mismatch: hosts or reviewers may assume the skill is low-privilege while it actually reaches external services and persists data locally, increasing the risk of unintended data access, SSRF-like abuse via future code changes, or unsafe file writes if inputs are later mishandled.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal