机票价格监控与比价

Security checks across malware telemetry and agentic risk

Overview

The available signals do not show malware or destructive behavior, but the referenced script could not be independently verified in the inspected workspace.

Before installing, check whether the skill actually includes scripts/compare.py and whether it clearly discloses any remote proxy endpoints. If present, the publisher should rotate the embedded token and move it to a scoped runtime secret; avoid entering sensitive queries unless you are comfortable sending them to that proxy.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 99% confidence
Finding: A hardcoded proxy token is embedded directly in source and automatically sent on every outbound request to remote SCF endpoints. If the code is shared, logged, or reused, the token can be extracted and abused to access the proxy service, impersonate this skill, consume quota, or pivot into downstream data collection without the operator's knowledge.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal