Hotel Price Monitoring and Comparison (酒店价格监控与比价)

Security checks across malware telemetry and agentic risk

Overview

The skill does what it claims, but it ships with a shared backend access token embedded in the code.

Install only if you are comfortable sending hotel names, cities, dates, and related search parameters to the publisher's proxy service. The skill does not appear to steal local data or make bookings, but the embedded shared token should be rotated or replaced with a safer authentication design before broad distribution.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 97%
Finding
A hardcoded proxy token is embedded directly in source and automatically attached to outbound requests to remote SCF endpoints. Anyone with source access can reuse the token to call the backend proxy, potentially consuming paid resources, impersonating the skill, or accessing downstream travel-platform functionality without authorization.

Ssd 3

Medium
Confidence: 98%
Finding
The hardcoded proxy token is a credential-like secret exposed in normal source distribution, making credential disclosure immediate and trivial. In this skill context, the token gates access to remote hotel-platform proxy services, so leakage can enable unauthorized API usage, abuse of backend infrastructure, and potential billing or quota exhaustion.

VirusTotal

62/62 vendors flagged this skill as clean.
