Travel Bundle

Security checks across malware telemetry and agentic risk

Overview

The skill’s travel-search purpose is understandable, but it can make the agent install and run an unpinned global npm CLI before answering a normal travel query.

Review before installing. The travel integration itself is coherent, but only use it if you trust `@fly-ai/flyai-cli` and are comfortable approving a persistent global npm install. Prefer installing a known version yourself and avoid entering sensitive personal or payment details unless you have reviewed the provider’s booking and privacy terms.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Intent-Code Divergence

Medium
Confidence: 89%
Finding
The skill explicitly says to never invent CLI parameters and to use only parameters from the documented table, yet its own playbooks invoke undocumented flags and subcommands such as `keyword-search`, `search-flight`, `--origin`, `--destination`, `--dep-date`, `--sort-type`, and `--seat-class-name`. This inconsistency can cause an agent to execute unsupported commands, fail open into fallback behavior, or rely on guessed interfaces, increasing the risk of unsafe command construction and unreliable results.

VirusTotal

66/66 vendors flagged this skill as clean.
