Security audit

Aviation Regulations Search

Security checks across malware telemetry and agentic risk

Overview

This is a narrow aviation-regulation search skill that clearly sends user queries to Deepsky's public API and does not show hidden local access, credential use, persistence, or destructive behavior.

Install only if you are comfortable sending aviation-regulation questions to Deepsky's API. Avoid putting private operational details, personal data, or confidential legal/compliance context into queries, and verify safety-critical aviation answers against official regulator sources.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 97% confidence
Finding: The script sends the user's natural-language query to a third-party remote service at deepskyai.com, and it does so automatically without any explicit disclosure at execution time. This creates a real privacy and data-handling risk because users may include sensitive operational, legal, or internal context in queries, and the skill context encourages broad regulatory lookups that may contain such information.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.