travel-blind-box

Security checks across malware telemetry and agentic risk

Overview

This is a coherent travel-planning skill, but it can store and display sensitive trip history and booking details that users should handle carefully.

Install only if you are comfortable with local travel-history storage and itinerary documents that may include travel dates, addresses, phone numbers, and booking confirmation numbers. Avoid entering full confirmation numbers unless needed, redact sensitive details before sharing via chat/SMS/WeChat, and periodically review or delete the local history file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (17)

Context-Inappropriate Capability

Medium
Confidence: 84%
Finding
The BookingTracker stores and renders detailed booking metadata including addresses, travel times, and confirmation numbers, which exceeds what a budget allocator minimally needs. In a travel skill, this creates unnecessary exposure of sensitive travel details that could be leaked via logs, outputs, debugging, or downstream integrations, increasing privacy and account-takeover risk if confirmation codes are misused.

Missing User Warnings

Medium
Confidence: 90%
Finding
The guide explicitly promotes automatic recording of users' travel history but does not mention consent, retention, access, or deletion controls. Travel history is behavioral/location-derived personal data, and silently storing it can violate user expectations and create privacy and compliance risk if exposed or reused.

Missing User Warnings

Medium
Confidence: 85%
Finding
The description says the skill will assist with booking and generate itineraries, implying possible transmission of user trip details to external services, but it gives no disclosure about third-party use or data sharing. Users may provide dates, locations, and budget assuming local processing when in fact those details could be sent to booking or travel-info providers.

Missing User Warnings

Medium
Confidence: 95%
Finding
The document describes automatically generating itinerary files containing booking confirmations, addresses, phone numbers, and emergency contacts, but provides no notice, consent flow, retention policy, or storage safeguards. That can expose sensitive travel metadata and booking identifiers through local files, shared devices, logs, or unintended file access.

Missing User Warnings

Medium
Confidence: 96%
Finding
The workflow repeatedly regenerates detailed itinerary documents after each booking update, which increases the number of artifacts containing confirmation numbers and travel details without warning the user. Repeated automatic writes raise the likelihood of accidental disclosure, stale copies persisting, and sensitive data being exposed via file sync, chat exports, or shared environments.

Vague Triggers

Medium
Confidence: 91%
Finding
The quickstart states that QoderWork will 'automatically recognize' ordinary travel requests and invoke this skill, which encourages broad implicit triggering from generic user intent. In a skill ecosystem, overly broad activation language can cause unintended invocation, surprising users and increasing the chance that the skill handles requests outside its intended scope.

Vague Triggers

Medium
Confidence: 89%
Finding
The example prompts are generic travel-planning requests such as wanting to visit a city for a few days on a budget, which are broad enough to match many normal conversations. If these are used as de facto triggers, the skill may activate unintentionally and intercept requests better handled by a general planner or another tool.

Missing User Warnings

Medium
Confidence: 95%
Finding
The documentation instructs users to run a destructive deletion command against the installed skill directory without a prominent warning, confirmation step, or backup guidance. Even though the path is scoped to the skill folder, users may copy, modify, or mistype such commands, leading to accidental data loss or unsafe operational habits.

Missing User Warnings

Medium
Confidence: 95%
Finding
The README explicitly says the skill will automatically generate and re-send detailed itineraries containing hotel addresses, confirmation numbers, and transport details after each booking. That behavior exposes sensitive travel and booking data without any mention of user consent, visibility controls, retention limits, or secure handling, increasing the risk of privacy leakage or unintended disclosure.

Missing User Warnings

Medium
Confidence: 92%
Finding
The README promotes real-time travel lookups through the flyai skill but does not warn users that their travel details such as dates, destination, budget, and possibly party size may be transmitted to an external service. In a travel-planning context, these inputs can reveal sensitive personal plans and habits, so lack of disclosure and consent creates a real privacy risk.

Missing User Warnings

Medium
Confidence: 94%
Finding
The workflow collects and persists travel history and later booking-related details without a clear privacy notice, retention policy, or explicit consent step in the main interaction path. Travel history and itinerary data can reveal sensitive behavioral patterns, and storing them silently increases privacy and profiling risks.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill instructs saving itineraries containing dates, destinations, hotel addresses, transport details, and possibly confirmation numbers to disk without clearly warning the user that sensitive trip data will be written locally. This can expose users to privacy leakage if the workspace is shared, synced, or later accessed by other tools or users.

Missing User Warnings

Medium
Confidence: 93%
Finding
The workflow asks the user to provide booking confirmation numbers and states they will be recorded, but gives no privacy notice, data-minimization rationale, retention policy, or handling safeguards. Confirmation numbers can be sensitive trip identifiers and may enable account lookup, social engineering, or exposure of travel details if logs or stored records are accessed improperly.

Missing User Warnings

Medium
Confidence: 95%
Finding
The example shows persistent storage of travel history in the background without explicit user consent or a clear warning that location/travel-history data will be retained. Travel history is sensitive behavioral data; undisclosed retention increases privacy risk, especially in a travel-planning context where destination and date patterns can reveal habits and future absence from home.

Missing User Warnings

Medium
Confidence: 95%
Finding
The example explicitly recommends sending itinerary details through WeChat/SMS and the itinerary content includes booking confirmation numbers, hotel address details, and contact numbers. Those channels are often less controlled, more easily forwarded, and may expose travel plans and reservation identifiers that could enable social engineering, stalking, or unauthorized itinerary access if messages are intercepted or viewed by others.

Ssd 3

Medium
Confidence: 97%
Finding
The skill instructs persistent retention and repeated re-sending of detailed booking data, including confirmation numbers, dates, transport identifiers, addresses, and itinerary structure beyond what is necessary for an immediate response. This creates a concentrated store of travel-sensitive information that can be abused for stalking, social engineering, account recovery attacks, or unauthorized trip management if exposed.

Ssd 3

Medium
Confidence: 94%
Finding
Maintaining an ongoing history of places the user has visited creates a persistent travel profile that is not strictly necessary for one-off itinerary generation. Over time, this profile can reveal habits, home region, preferences, and movement patterns, increasing privacy harm if accessed without authorization or reused unexpectedly.

VirusTotal

66/66 vendors flagged this skill as clean.
