Theme Park Guide

Security checks across malware telemetry and agentic risk

Overview

This travel-search skill is coherent, but it tells agents to install an unpinned global npm CLI automatically, which is a persistent system change users should review first.

Review before installing. Use this only if you want flyai/Fliggy-backed ticket search results, approve any npm install manually, verify the `@fly-ai/flyai-cli` package and booking links yourself, and consider running it in a contained environment. Do not treat the returned links or prices as independent travel advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill explicitly instructs the agent to install a global npm package as part of normal execution, which modifies the host environment without any user confirmation, warning, or sandboxing guidance. In an agent setting, this creates supply-chain and system-integrity risk because executing `npm i -g` can introduce untrusted code and persistent changes on the machine.

Missing User Warnings

Medium
Confidence: 97%
Finding
The prerequisites and workflow normalize installing `@fly-ai/flyai-cli` whenever the command is missing, but provide no safety notice about persistent system modification or third-party code execution. This is dangerous because an agent may blindly follow the instruction, turning a read/query skill into one that performs software installation on the user's machine.

VirusTotal

66/66 vendors flagged this skill as clean.
