Security audit

China Flight Booking

Security checks across malware telemetry and agentic risk

Overview

This travel skill is a straightforward TripGenie/Trip.com proxy client, but users should understand that their travel queries are sent to an external Tencent SCF proxy.

Install only if you are comfortable with your travel searches, dates, preferences, and free-form travel questions being sent to the listed external proxy and onward to TripGenie/Trip.com. Avoid entering passport numbers, payment details, account credentials, or other sensitive personal data into this skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill declares only the bash tool and environment variables, but its documented execution clearly performs outbound network access through a proxy to TripGenie/Trip.com APIs. Undeclared network capability reduces transparency and policy enforcement, making it easier for a skill to exfiltrate user-provided travel queries or send unexpected data to external services without explicit review.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script sends user-provided travel queries and metadata to a remote proxy service without any user-facing notice, consent flow, or description of what data leaves the local environment. In a travel assistant context, queries may contain sensitive itinerary details, locations, dates, and preferences, so undisclosed transmission creates a privacy and data-governance risk even if transport is over HTTPS.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
A hardcoded proxy token is embedded in the client and automatically attached to outbound requests, while users are not informed that authenticated requests are being made on their behalf to an external service. Hardcoded credentials can be extracted and abused by anyone with access to the code, potentially enabling unauthorized use of the proxy/API, quota exhaustion, billing abuse, or impersonation of this client.

VirusTotal

45/45 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.