Travel Food Assistant (旅行美食助手)

Security checks across malware telemetry and agentic risk

Overview

This travel food skill is coherent and disclosed, but live restaurant searches send place queries to an external map proxy.

Install only if you are comfortable with searched place names, addresses, cuisine keywords, and nearby-search parameters being sent to the skill publisher’s proxy-backed map service. Avoid using it in an environment where PROXY_TOKEN contains an unrelated secret.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 89%
Finding
The skill instructs the agent to execute a Python script and explicitly states that query parameters are sent to an external proxy service and then to a map POI service, which confirms network-capable behavior. Because no permissions are declared despite using code capabilities such as network and possible environment access, users and reviewers are not given transparent notice of the skill’s data access and outbound communication, increasing the risk of unintended data exposure or abuse.

Missing User Warnings

Medium
Confidence: 81%
Finding
User-supplied location queries are transmitted to an external proxy/geolocation service without any disclosure or consent mechanism. In a travel assistant, location data is especially sensitive because it can reveal itinerary, current whereabouts, and habits, and users may not realize their inputs leave the local skill boundary.

VirusTotal

64/64 vendors flagged this skill as clean.
