Food Delivery Recommendation (外卖推荐)

Security checks across malware telemetry and agentic risk

Overview

This food-delivery recommendation skill is mostly coherent, but it automatically saves the user’s address, food preferences, and recent order history without clear opt-in, retention, or deletion controls.

Review this before installing if you do not want your address, dietary preferences, budget habits, or order history saved locally for future use. The skill does not show malicious behavior, but users should expect persistent personalization unless the skill is changed to ask before saving and provide a clear way to delete remembered data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Medium, 95% confidence

The skill explicitly instructs the agent to persist a user's address and food preferences in a long-term local memory file, which exceeds the immediate need to recommend nearby restaurants in a single session. Persistent storage of location and preference data creates privacy risk, especially because no retention limit, minimization rule, or explicit opt-in is defined.

Context-Inappropriate Capability

Medium, 92% confidence

Recording the user's most recent order for future recommendation steering introduces behavioral tracking that is not necessary to fulfill the current request. Even though the data seems less sensitive than a precise address, order history can still reveal habits, routines, and dietary patterns over time.

Vague Triggers

Medium, 83% confidence

The trigger list includes broad everyday phrases such as generic mentions of takeout or meal decisions, which can cause the skill to activate when the user did not intend to invoke it. Because this skill asks for location and may persist profile data, accidental activation increases the chance of unnecessary collection of sensitive information.

Missing User Warnings

Medium, 97% confidence

The skill stores address and food preferences persistently without any clear user-facing privacy notice or consent flow. This is dangerous because users may provide location data for one recommendation session without realizing it will be retained and reused later.

Ssd 3

Medium, 96% confidence

The skill directs the agent to store and reuse user location and dining preferences in a persistent memory file without clear minimization boundaries or consent controls. In context, location data is particularly sensitive, and combining it with recurring food preferences creates a durable personal profile unrelated to the minimum necessary runtime behavior.

Ssd 3

Low, 90% confidence

Persisting the most recent order to influence future choices is a form of behavioral profiling. While lower risk than storing precise location, it still collects unnecessary longitudinal data and can shape future interactions in ways the user did not knowingly authorize.

VirusTotal

64/64 vendors flagged this skill as clean.
