Back to skill

Security audit

Xiaozhi Recycle Order

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent recycling-order helper, but it can send personal contact/address data and WeChat authorization to a third-party service to create real pickup orders with some under-disclosed confirmation and privacy details.

Review this skill carefully before installing. Use it only when you intend to place a real Xiaozhi recycling pickup order, confirm the recipient, phone, full address, pickup time, item details, and price yourself, and do not provide or paste reusable WeChat tokens or use custom API endpoint overrides unless you fully trust them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrases are broad enough to match general questions such as how self-service recycling works or vague requests for help, which can cause the skill to activate before the user has clearly consented to begin an external transaction. In this skill, activation leads into collecting personal contact/address data and initiating third-party order creation, so overbroad triggering increases the risk of unintended data collection or transactional actions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill describes collecting name, phone number, and full address, then using a third-party platform and WeChat authorization flow, but it does not prominently warn users that this sensitive personal data will be transmitted externally. Because the workflow involves both identity-linked contact data and precise location information, missing disclosure meaningfully raises privacy and consent risk.

Missing User Warnings

Medium
Confidence
78% confidence
Finding
The authentication flow documents polling for an authorization token and instructs passing that token into order-creation requests, but provides no guidance on secure handling, storage, expiration, or log redaction. In an agent skill context, this increases the chance that implementers will expose tokens in logs, prompts, URLs, or local files, enabling account/session misuse.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The device-order submission sends personally identifiable information such as name, mobile number, and address, along with device details, to an external third-party API and creates a live order. In an agent-skill context, doing this without an explicit disclosure/confirmation step increases the risk of unintended privacy loss or unauthorized real-world actions triggered from conversational input.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The clothing-order path transmits personal contact and address data to an external service and immediately places a real order once a token is available. Because this occurs with only basic success/failure messaging and no explicit final confirmation, a user could unintentionally authorize disclosure of sensitive data and a real pickup transaction.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.