Back to skill

Security audit

Travel Concierge CLI

Security checks across malware telemetry and agentic risk

Overview

The skill’s travel-contact purpose is mostly disclosed, but it can activate on broad contact requests and relies on an undeclared local CLI to scrape and compile contact dossiers.

Review before installing. Use it only when you intentionally want contact lookup for a specific accommodation listing, and make sure you trust the `travel-concierge` executable that will be found on your PATH. If you configure Google Places, use a restricted API key and be mindful of travel-site terms and privacy expectations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger phrase 'find contact' is broad enough to match many ordinary user requests unrelated to accommodation listings. That can cause the skill to activate unexpectedly and initiate scraping or contact-harvesting behavior in contexts the user did not intend, increasing privacy, compliance, and misuse risk.

Vague Triggers

Medium
Confidence
91% confidence
Finding
Several triggers like 'hotel contact,' 'property contact,' 'direct booking,' 'property email,' and 'property phone' are ambiguous and can overlap with legitimate general-assistance queries. In this skill's context, accidental activation is more concerning because the documented behavior includes web scraping and assembling dossiers of contact channels across phone, email, WhatsApp, and social media.

Shadow Command Trigger

Medium
Category
Trigger Abuse
Confidence
79% confidence
Finding
Using 'find contact' as a trigger creates a shadowing risk with a generic built-in 'find' capability, making routing less predictable. This can divert normal user requests into a scraping-oriented skill that gathers direct contact details, potentially bypassing safer or more general workflows.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.