Flyai / bargain-flights / lowprice / flights / hidden-city / ticketing / search / 捡漏机票 / 聪明买法 / 低价机票

Security checks across malware telemetry and agentic risk

Overview

This skill openly implements hidden-city flight searches, but it needs Review because it can activate for ordinary cheap-flight requests, gives skipped-segment booking guidance, and automatically exposes booking links to a third-party QR service.

Review before installing. Use only if you intentionally want hidden-city ticketing help, understand airline policy and baggage risks, and trust the external FlyAI CLI. Avoid generated QR links for booking URLs that may contain personal, session, or tracking data unless you are comfortable sharing that URL with the QR provider.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (10)

Tp4

High

Category: MCP Tool Poisoning
Confidence: 91% confidence
Finding: The skill claims to help discover bargain flights through live analysis, but the documented local tooling only performs static route lookup and QR code generation while relying on an external CLI for flight search. This mismatch can mislead reviewers and users about what is actually executed and what third-party components/processes handle sensitive travel queries, reducing transparency and informed consent.

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The trigger conditions are broad enough to match ordinary travel or money-saving conversations, which can cause the agent to invoke this skill without clear user intent. In context, that is more dangerous because the skill operationalizes hidden-city ticketing, a deceptive booking tactic with contractual, travel-disruption, and compliance implications.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The function embeds the full user-supplied URL into a request to a third-party QR-code API, which causes that URL to be disclosed externally when the generated image is fetched. If booking links contain personal data, session tokens, tracking parameters, or internal URLs, this can leak sensitive information to an outside service without explicit user consent or warning.

Ssd 4

Medium

Confidence: 97% confidence
Finding: This section normalizes hidden-city ticketing and frames it as a 'smarter' purchase strategy, while instructing users to intentionally abandon later segments. In this skill context, that is dangerous because it directly enables a deceptive tactic against airline booking terms and increases the likelihood of user harm such as canceled segments, baggage issues, or account sanctions.

Ssd 4

High

Confidence: 98% confidence
Finding: The workflow explicitly teaches the agent to search for itineraries that continue past the user’s true destination and then filter them for exploitability. This is a step-by-step playbook for carrying out hidden-city ticketing, making the skill more dangerous than generic travel advice because it automates targeting and recommendation of the deceptive act.

Ssd 4

Medium

Confidence: 93% confidence
Finding: Automatically generating booking QR codes operationalizes the tactic by turning recommendations into one-click booking artifacts without additional user confirmation. In context, this lowers friction for committing to deceptive or risky itineraries and increases the chance of accidental data sharing with third-party QR infrastructure.

Ssd 4

High

Confidence: 98% confidence
Finding: The risk and messaging guidance coaches users on how to execute hidden-city ticketing while minimizing disruption, including baggage handling and reassurance about skipped segments. That goes beyond neutral disclosure and materially assists deceptive conduct, making the skill particularly dangerous in a consumer travel setting.

Ssd 4

Medium

Confidence: 91% confidence
Finding: The skill operationalizes hidden-city ticketing by automating discovery of itineraries designed for the traveler to intentionally skip a booked segment. That enables deceptive misuse against airline fare rules and may expose users to account penalties, denied boarding, baggage problems, or downstream disputes while the agent actively facilitates the behavior.

Ssd 4

Medium

Confidence: 94% confidence
Finding: The example output explicitly tells the agent to label the second segment as 'not flown' and present it as a recommended itinerary, which concretely instructs users how to carry out the deceptive pattern. This increases harm because it moves from descriptive information to actionable facilitation of policy-evasive conduct.

External Transmission

Medium

Category: Data Exfiltration
Content: python3 scripts/qrcode.py --url "{jumpUrl}" ``` 输出示例:`https://api.qrserver.com/v1/create-qr-code/?size=300x300&data=...` **展示方式**:在 markdown 中直接提供一个可点击的链接,点击后跳转打开二维码图片:
Confidence: 88% confidence
Finding: https://api.qrserver.com/

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal