Security audit

获取一嗨租车的租车价格

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed OneHai rental-price checker, but it works by automating the user’s logged-in Chrome session.

Install only if you are comfortable letting the skill open Chrome tabs, use your logged-in OneHai session, run JavaScript in that browser context, and process page content locally with tesseract. For lower risk, use a dedicated Chrome profile logged into only OneHai and disable Chrome Apple Events JavaScript after use.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (3)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill explicitly relies on the user's logged-in Chrome session and requires Apple Events JavaScript access, which grants powerful browser automation capability over an authenticated session. The metadata description does mention Chrome use, but it does not clearly warn about the sensitivity of using a live authenticated session and enabling Apple Events JavaScript, so users or operators may invoke it without informed consent or understanding of the privacy and account-risk implications.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The script uses AppleScript to control the user's logged-in Chrome session, opens OneHai pages, executes JavaScript inside that authenticated browser context, and extracts page contents and booking data without any in-file consent gate, disclosure, or scope limitation. In this skill's context, that is especially sensitive because it leverages live session state and can access account-scoped pricing/inventory information, so silent browser automation materially increases privacy and misuse risk.

Missing User Warnings

Low

Confidence: 84% confidence
Finding: The script writes image data derived from the live booking page to temporary files and invokes the external `tesseract` binary to OCR price information, but provides no disclosure that page-derived data will be persisted locally or processed by a subprocess. Even though the temp directory is later removed, this still expands the data exposure surface through filesystem artifacts, crash leftovers, and dependency trust in an external executable.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.