Back to skill

Security audit

spring-break-flight

Security checks across malware telemetry and agentic risk

Overview

This travel skill is purpose-aligned, but it tells agents to install and run a global third-party CLI without a clear user approval step.

Install only if you are comfortable letting the agent install a global npm CLI and send your flight search details to flyai/Fliggy. Prefer approving the CLI install manually, checking the package source/version first, and avoiding sensitive travel plans unless you trust the provider.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The skill explicitly says agents must never invent or use flags not listed in the parameter table, but later instructs use of `--journey-type 1`, which is not documented there. This contradiction can push an agent to execute unsupported or unintended CLI behavior, increasing the risk of command misuse, undefined behavior, or future abuse if the CLI interprets undocumented flags in sensitive ways.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The skill mandates installing a global package with `npm i -g @fly-ai/flyai-cli` and then executing it, but provides no user consent step or warning that this changes the host environment. That creates a supply-chain and host-integrity risk because the agent may modify the system and run third-party code automatically.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill collects travel details such as origin, destination, and dates and sends them to an external service through the CLI, yet it does not disclose this data transfer or ask for consent. This creates a privacy and compliance risk, especially because travel plans can be sensitive personal information.

Ssd 4

Medium
Confidence
95% confidence
Finding
The domain knowledge section reinforces use of `--journey-type 1` for direct flights even though earlier rules forbid unlisted flags. This conflicting guidance makes unsafe behavior more likely because agents may treat the narrative mapping as authoritative and bypass the documented restriction.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.