丽思卡尔顿酒店查询与预订

Security checks across malware telemetry and agentic risk

Overview

This skill is a read-only Ritz-Carlton hotel search helper that uses an external proxy for live results, with no evidence of credential theft, persistence, purchase execution, or destructive behavior.

Install only if you are comfortable sending Ritz-Carlton hotel searches, destinations, dates, and hotel IDs to the skill’s external proxy service. Treat the booking links as informational and complete any purchase manually on the linked site.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: Using the standalone trigger term "丽思" makes activation overly broad because it can match unrelated user requests, causing the skill to run when the user did not intend hotel booking behavior. That can lead to unintended external queries, confusing responses, and unnecessary disclosure of user-provided travel details to backend services. The booking context makes this more sensitive because the skill is designed to fetch live data from external sources.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill sends user-supplied search data, hotel names, dates, and identifiers to a third-party proxy endpoint, and it also embeds a hardcoded proxy token in the source. This creates a real privacy and supply-chain risk because users may not realize their queries are being transmitted to an external service outside the local skill boundary, and the proxy can log or misuse the data.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal