Security audit

瑞玥餐饮API

Security checks across malware telemetry and agentic risk

Overview

This restaurant API skill is coherent, but it can look up customer/member data and change live reservations or orders without clearly requiring customer authorization or confirmation.

Install only for a trusted merchant/customer-service environment connected to this backend. Require the agent or operator to verify the customer's identity before member or phone-based lookups, and require explicit confirmation before booking, modifying, canceling reservations, or placing orders.

SkillSpector

By NVIDIA
Vulnerability Patterns

  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Severity: Medium
Confidence: 95%

Finding
The skill exposes member and phone-based lookup functions and multiple live state-changing operations (booking, modifying, canceling appointments, and placing orders) without any explicit requirement for user consent, identity verification, or warning that actions affect real backend data. In an agent setting, this increases the risk of unauthorized access to personal data and unintended or malicious transactions being executed on behalf of users.

VirusTotal

63/63 vendors flagged this skill as clean.