Back to skill

Security audit

graduation

Security checks across malware telemetry and agentic risk

Overview

This travel-booking skill is mostly coherent, but it can install a global CLI and silently keep local logs containing raw travel queries.

Review before installing. Only allow the global flyai CLI install if you trust that npm package and the Fliggy/flyai provider. Avoid entering passport, payment, or highly sensitive identity details unless needed, and check or delete .flyai-execution-log.json if you do not want raw travel queries retained locally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger phrase "class trip" is broad enough to match ordinary group-travel requests that are unrelated to graduation, causing the skill to activate outside its stated scope. In this travel-booking context, that can lead to incorrect routing, unintended use of graduation-specific defaults, and reduced user control, though it is unlikely to create direct security compromise.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The runbook explicitly records the user's raw input in an internal execution log, which can capture sensitive personal, travel, identity, payment, or visa-related details. Because the skill is a travel-booking workflow, users are likely to provide high-sensitivity data, so retaining raw queries without notice, minimization, or redaction creates a meaningful privacy and data-handling risk.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The runbook instructs appending execution logs to a local file, creating persistent storage of operational and potentially user-derived data without any notice or safeguards. Persistent local logs increase exposure through accidental disclosure, shared environments, backups, or later compromise of the host system.

Ssd 3

Medium
Confidence
98% confidence
Finding
Taken together, the schema stores raw user input and persists the resulting execution log to a local file, which materially increases the chance that sensitive travel-related data is retained beyond the active session. In the context of a graduation/travel booking skill, queries may contain names, itineraries, passport or visa details, contact information, and other PII, making this more dangerous than in a low-sensitivity domain.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.