Security audit

哈啰顺风车出行技能 (Hello ride-sharing travel skill)

Security checks across malware telemetry and agentic risk

Overview

This is a real ride-hailing skill, but it gives an agent enough authority to schedule and execute real ride actions on the user's account, so users should review it carefully before installing.

Install only if you intentionally want an agent to manage real ride-hailing actions. Configure the API key through OpenClaw MCP configuration rather than pasting it into chat, confirm every booking/cancellation/invitation/trip-completion action, and review or disable cron-based automatic ride tasks unless you clearly want delayed background execution.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Severity: Medium
Confidence: 90%
Finding: The skill instructs the agent to create shell-based cron jobs and even includes OS-specific shell logic, which expands behavior beyond ride-hailing assistance into host/job management. In an agent environment with command execution, this can cause unauthorized persistence-like scheduling, unintended background actions, and execution of commands using session metadata without sufficient trust boundaries.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding: The README explicitly instructs users to provide their API key in agent chat, which can cause the credential to be stored in chat history, logs, screenshots, analytics, or shared conversation context. In a skill that can place orders and access trip data, exposing the API key could let an attacker or unintended party use the user's account-backed capabilities or access sensitive ride information.

Vague Triggers

Severity: High
Confidence: 95%
Finding: The skill advertises activation from broad everyday phrases like '明天去机场' ("going to the airport tomorrow") and '下班回家' ("heading home after work") and says it can infer travel intent proactively, which increases the chance of unintended invocation and accidental execution of real-world ride-order flows. Because the skill can progress to quoting, booking, cancellation, and driver interaction, overly broad triggers materially raise the risk of unauthorized or surprise actions.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding: The scenario table uses vague triggers such as '回家' ("go home"), '上班' ("go to work"), and especially '取消' ("cancel"), which are highly ambiguous outside a clearly established ride-hailing context. This can misroute unrelated conversation into sensitive actions, including order cancellation or booking workflows, creating a real risk of mistaken transactional behavior.

VirusTotal

66/66 vendors flagged this skill as clean.