Plan Luxury Trips — Five-Star Hotels, First Class Flights, Premium Resorts & VIP Travel
Security checks across malware telemetry and agentic risk
Overview
This luxury travel skill is mostly purpose-aligned, but it deserves review because it can install a global CLI automatically and keep raw travel requests in a hidden local log.
Install only if you are comfortable approving flyai CLI use for real-time travel results. Do not let the agent install the global npm package automatically unless you trust the package source, and disable or delete .flyai-execution-log.json if you do not want raw trip requests retained locally.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.