Security audit

worst-travel-challenge(最差旅行挑战)

Security checks across malware telemetry and agentic risk

Overview

This skill is a clearly disclosed novelty travel planner that returns real third-party booking links, but the artifacts do not show hidden booking, payment, credential access, persistence, or destructive behavior.

Install only if you trust the third-party FlyAI CLI and are comfortable receiving real Fliggy booking links. Review destination, dates, prices, refund terms, merchant domain, and any randomly generated details before clicking through or paying.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (6)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The README advertises 'real-time booking' and 'one-click booking' for travel without clearly warning users that bookings may create reservations, transmit personal/travel data, and incur charges. In a travel skill, this is materially risky because users may interpret the feature as harmless planning while the agent could initiate transactional actions affecting money, identity data, and itinerary commitments.

Missing User Warnings

Low

Confidence: 84% confidence
Finding: The 'whatever/随便' mode says the system will randomly choose departure city, time, duration, and budget-related details, but the warning is framed as playful rather than as a clear consent and risk notice. In the context of a travel-booking skill, automatic selection of itinerary parameters can lead to unwanted destinations, inconvenient schedules, or spending commitments if the user does not understand the scope of what will be chosen.

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The skill defines broad trigger keywords like “最差/最烂/最坑/地狱” that can plausibly appear in ordinary travel complaints, making accidental activation likely. In this skill, accidental activation is more concerning because the agent is instructed to intentionally optimize for poor travel choices and real booking flows, which could mislead users into harmful or unwanted recommendations.

Vague Triggers

Medium

Confidence: 91% confidence
Finding: Allowing the user to reply only “随便” to auto-fill departure city, time, duration, and budget is an unsafe ambiguous trigger because it can be said casually and lacks scoped consent for real-world travel planning. In this skill, the danger is amplified because the system may generate concrete itineraries and booking links for intentionally bad options without validating that the user truly wants automated defaults.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill requires exposing real booking links and emphasizes one-click booking for flights, hotels, and attractions, but does not require a strong purchase confirmation or billing warning at the point of recommendation. In a travel-booking context, this creates a material risk of unintended real-world transactions, especially because the theme intentionally pushes users toward extreme or low-quality options as a joke/challenge.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The "随便" mode allows the system to auto-generate origin, timing, duration, and budget defaults that can diverge from the user's real constraints, yet the documentation does not require a final validation step before recommendations or bookings are produced. In this skill, the risk is amplified because the generated itinerary is intentionally adversarial/comedic, increasing the chance of mismatched, impractical, or undesired travel plans being surfaced or acted on.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal