Security audit

City Skill

Security checks across malware telemetry and agentic risk

Overview

This appears to be a China travel guide skill with some trigger and travel-advice quality issues, but no evidence of hidden execution, credential access, persistence, exfiltration, or destructive behavior.

Install only if you want automatic China travel guidance, and treat visa, entry, emergency, and safety advice as advisory rather than authoritative. Confirm current rules with official sources, and prefer explicit invocation if your agent supports disabling broad auto-triggers.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Low (87% confidence)
Finding
The statement 'This city is very safe, don't worry' is an overbroad safety assurance that can cause users to lower their guard, especially when the same document later acknowledges compliance obligations and emergency scenarios. In a travel-assistance context, unqualified safety claims can mislead first-time visitors into discounting common risks such as scams, theft, or location-specific hazards.

Vague Triggers

Medium (93% confidence)
Finding
The README indicates the skill activates on any standalone China city name, which is an overly broad trigger and can cause unintended invocation during normal conversation. This increases the chance of prompt hijacking, accidental tool activation, or inappropriate travel advice being injected when the user merely mentions a city rather than explicitly requesting the skill.

Natural-Language Policy Violations

Medium (82% confidence)
Finding
The skill claims multilingual support but the documented output structure is entirely Chinese and does not specify language selection, fallback rules, or preservation of the user's language. This can lead to unsafe or unusable compliance, emergency, or travel guidance if a foreign visitor receives instructions in a language they cannot understand.

Vague Triggers

Medium (84% confidence)
Finding
The trigger list contains very broad phrases such as "city guide," "visa free," and general travel-related terms that can cause the skill to activate in loosely related conversations. In a travel/immigration assistant, unintended activation can lead to unsolicited policy guidance or misleading reliance on stale travel information, especially where visa and entry rules are involved.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.