Back to skill

Security audit

Trip.com携程国际版

Security checks across malware telemetry and agentic risk

Overview

This travel-search skill appears useful, but it under-discloses that user travel queries are sent to an external proxy service and may activate more broadly than users expect.

Install only if you are comfortable with your travel questions, including itinerary details, being sent to an external proxy or Trip.com-related service. Prefer using it only for explicit search or booking tasks, and avoid including unnecessary personal details until the publisher documents the outbound destinations, data handling, and consent expectations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill declares only the bash tool and environment variables, but its execution flow clearly invokes a Python script that sends user queries to an external proxy/Trip.com service over the network. Undeclared network capability weakens transparency and permission boundaries, which can lead to users or platform operators underestimating outbound data flow and privacy exposure.

Vague Triggers

Medium
Confidence
79% confidence
Finding
The activation scope is broad enough to match ordinary travel-advice conversations, not just explicit booking/search requests. This can cause the skill to trigger unnecessarily and send user queries to external services, increasing unintended data disclosure and reducing user control over when affiliate-linked search behavior is invoked.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script sends raw user travel queries to a third-party remote proxy endpoint, authenticated with a built-in token, without any user-facing notice, consent flow, or privacy disclosure. Travel queries can contain sensitive itinerary, destination, date, and preference information, and the proxy architecture adds an extra data recipient beyond Trip.com itself, increasing privacy and data-handling risk.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.