Security audit

Global Hotel Search and Recommendation

Security checks across malware telemetry and agentic risk

Overview

This is a purpose-aligned hotel search skill that calls a cloud hotel API, but users should know their travel search details are sent to an external service.

Install only if you are comfortable sending hotel destinations, dates, budget/preferences, occupancy counts, and optional child ages to the skill publisher's cloud proxy and RollingGo-backed service. Avoid including unnecessary personal details in free-form travel queries. The publisher should rotate/remove the embedded proxy token and add a clearer privacy notice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Intent-Code Divergence

Severity: High
Confidence: 99%
Finding:
The file hardcodes a live proxy authentication token while simultaneously claiming no API keys are present. Anyone with access to the code can reuse that token to invoke the backend proxy, potentially consuming paid resources, querying hotel data, or abusing the service until the token is rotated. The misleading docstring increases risk because reviewers may overlook the secret.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The README states that the plugin sends hotel searches through a cloud proxy and provides booking links, but it does not warn users that their travel queries may be transmitted to a third-party remote service. Travel requests can contain sensitive personal data such as destinations, dates, family status, and budget, so the lack of transparency creates a privacy and consent risk.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The skill explicitly states that it must call a real cloud API for hotel search, but the user-facing documentation does not clearly warn that destination, dates, budget, and free-form travel query text may be transmitted to a third-party service. This creates a privacy and transparency issue because users may unknowingly disclose travel plans or personal context to an external provider.

Natural-Language Policy Violations

Severity: Medium
Confidence: 83%
Finding:
The skill describes cancellation-policy interpretation as automatically converted into readable Chinese, with no mention of preserving the user's language or offering a language choice. This can mislead users, reduce accessibility, and cause misunderstanding of booking terms, especially for international travelers relying on accurate policy comprehension.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
The proxy request sends user travel search data, including destination, dates, and potentially occupancy/preferences, to a remote third-party endpoint without any disclosure or consent mechanism in the skill. This creates a privacy and compliance risk because users may not realize their itinerary-related data is being transmitted off-platform.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The concurrent detail lookup sends occupancy information such as adult count, child count, and child ages to the remote proxy service without explicit disclosure. Child-related travel data is more sensitive than generic search terms, so undisclosed transmission increases privacy exposure and may create regulatory concerns depending on jurisdiction.

VirusTotal

65/65 vendors flagged this plugin as clean.