旅行保险聪明买

Security checks across malware telemetry and agentic risk

Overview

This is a Chinese-language travel insurance guidance skill with no evidence of credential use, data collection, persistence, or unsafe system behavior.

Install this only if Chinese-language travel insurance guidance is appropriate for your users. Treat its recommendations as general information, verify policy terms and claim requirements with the insurer, and note that the Python file may need quoting fixes before it runs correctly.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 94% confidence
Finding: The skill is hard-coded to produce Chinese-language content in its docstrings, labels, and returned strings, with no mechanism to honor the user's language preference. This can create a safety and usability issue because users may misunderstand insurance recommendations, exclusions, or claims guidance if they cannot read Chinese, increasing the risk of acting on misunderstood financial or medical-travel advice.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal