Security audit
Search and Book Flights
Security checks across malware telemetry and agentic risk
Overview
This is a disclosed flight-booking helper whose sensitive email, traveler-data, calendar, and payment-related actions are tied to the travel-booking purpose and require human approval.
Before installing, understand that this skill depends on an agent having email access and may involve travel profile details, payment setup, and optional calendar sync. Use it only if you are comfortable with BonBook handling booking data, and personally approve account creation, traveler information entry, calendar connection, flight purchase, change fees, cancellations, and any payment step.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.
