
Security audit

Explore Singapore

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent Singapore travel assistant, but it asks agents to install a global CLI and persist raw travel queries without clear user control.

Review before installing. Only use this skill if you trust the flyai/Fliggy CLI, approve any global npm installation yourself, and are comfortable with travel searches being sent externally. Avoid entering passport, visa, contact, payment, or booking-reference details unless logging is disabled or tightly controlled.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Low
Confidence
90% confidence
Finding
The README states the skill provides real-time travel data and booking links, which implies external network calls and third-party service interactions, but it does not warn users that prompts or travel details may be sent to external systems. In a travel-booking context, this can mislead users about where their data goes and increase the chance of unintended disclosure of personal itinerary or booking information.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly instructs the agent to run `npm i -g @fly-ai/flyai-cli`, which modifies the host environment by installing software globally. Because this occurs as part of normal execution and without any warning, confirmation, or sandboxing guidance, an agent could make persistent system changes on behalf of the user unexpectedly.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill offers flight, hotel, and booking-related functions through the external `flyai` CLI but does not disclose that user-provided travel details will be transmitted to a third-party service. This creates a privacy and data-handling risk because sensitive itinerary, destination, and potentially personal booking preferences may be sent off-platform without informed consent.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The runbook explicitly records the raw user query in an internal execution log, but provides no indication of minimization, redaction, consent, retention limits, or access controls. In a travel skill, user queries may contain passport details, names, contact data, booking references, dates, and other sensitive trip information, so storing raw input creates unnecessary privacy and leakage risk.

Ssd 3

Medium
Confidence
97% confidence
Finding
The file defines persistent logging of raw user input and operational details by appending JSON records to a local file, which can accumulate sensitive data over time in plaintext. Because this skill supports bookings, visas, insurance, and reservations, users are more likely to provide personal and financial-adjacent information, making persistent local retention materially more dangerous if the host is shared, compromised, or improperly managed.

VirusTotal

63/63 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.