Back to skill

Security audit

Gonza Navifare Deals

Security checks across malware telemetry and agentic risk

Overview

This is a coherent flight price-checking skill that uses a hosted Navifare MCP service and does not show hidden execution, credential access, persistence, or destructive behavior.

Install only if you trust Navifare's hosted MCP service. Expect flight itinerary details, passenger count, class, and reference prices to leave your local agent environment; redact screenshots so they do not include names, booking references, loyalty numbers, passport details, or payment information, and verify booking links and prices directly before buying.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The metadata slug identifies the skill as "navifare-hidden-flight-deals" while the manifest context describes a different skill, "navifare-flight-validator." This kind of identity mismatch can mislead reviewers, users, or downstream systems about what is actually being installed or executed, and can conceal repackaged, stale, or substituted functionality.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The installation guide describes broad automatic activation behavior for flight-price-related inputs without documenting meaningful boundaries or safeguards. In an agent skill context, overly broad triggers can cause the skill to engage on unrelated user content and increase the chance that travel details or screenshots are unnecessarily processed by external tools or services.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The guide instructs users to connect to a hosted MCP endpoint but does not clearly disclose that flight search parameters and potentially screenshot-derived booking details may be transmitted to a third-party external service. This creates a privacy and data-handling risk because users and deployers may unknowingly expose personal travel information, booking metadata, or image contents outside the local environment.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The activation conditions are broad enough to trigger on many normal travel-related messages such as asking whether to book or mentioning a price. In an agent skill context, overly broad auto-activation can cause unintended invocation of external tools, unnecessary transmission of itinerary data to a third-party MCP service, and user confusion about when external processing occurs.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The activation rules are broad enough to trigger on many ordinary travel-planning statements, such as mentioning booking, comparing options, or asking if a deal is good. That can cause unintended invocation of external MCP-backed price-check workflows, leading to unnecessary data sharing, user confusion, and tool usage without sufficiently explicit intent.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger section uses very broad phrases like 'Is this a good price?' and 'Should I book this flight?' that can match ordinary travel conversations without clearly requiring explicit user intent to invoke external price-checking behavior. In a travel assistant context, this can cause over-activation, unnecessary collection of itinerary details, and unintended calls to third-party services based on ambiguous user input.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The examples instruct the assistant to extract booking details from uploaded screenshots and proceed with price checks, but they do not mention any privacy notice, minimization, or warning that screenshots may contain sensitive personal or account data. In this skill's context, screenshots from booking sites can include names, booking references, loyalty numbers, payment hints, or other personal travel data, so normalizing screenshot extraction without safeguards increases privacy and data-handling risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.