同款打卡

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent travel-planning assistant, but its instructions have the user install an unpinned CLI globally via npm and, whenever SSL errors appear, disable HTTPS certificate verification for travel and booking searches.

Review carefully before installing. Only use this skill if you are comfortable with a global npm-installed FlyAI CLI, and do not run commands that set NODE_TLS_REJECT_UNAUTHORIZED=0 because they can make travel results and booking links vulnerable to interception or tampering. Check any saved travel profile data and avoid storing sensitive family, accessibility, or home-location details unless you intentionally want that persistence.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Context-Inappropriate Capability

Severity: High
Confidence: 99%
Finding
The skill explicitly instructs disabling TLS certificate verification via NODE_TLS_REJECT_UNAUTHORIZED=0 to work around SSL errors. Because Node's TLS layer reads that variable, it removes server identity validation for every outbound TLS connection the process makes, not only the FlyAI API call, and exposes all FlyAI requests and responses to man-in-the-middle tampering. That is especially risky here because the skill retrieves travel data and booking links that users may trust and act on.

Context-Inappropriate Capability

Severity: Medium
Confidence: 88%
Finding
The skill requires running a global npm install/upgrade command before use, which expands its behavior from itinerary planning into modifying the host environment. Global package installation introduces supply-chain and system-integrity risk, and the instruction to always upgrade to the latest version makes execution non-reproducible and more exposed to compromised or breaking releases.
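
The two findings above (TLS verification disabled, unpinned global install) are the kind of thing a reviewer can catch mechanically before a skill is installed. The following is an added example, not code from the SkillSpector report or from the skill it reviews: a small lint pass over the shell commands a skill's instructions ask the agent to run. It flags NODE_TLS_REJECT_UNAUTHORIZED=0, global npm installs (listing any package that is not pinned to an exact version), and commands prefixed with sudo. The SAMPLE_SKILL text is constructed for the example and is not the real skill's instructions; the finding ids and severities are the example's own naming.

```javascript
// Added example, not code from the SkillSpector report or the skill it reviews.
// Lints the shell commands in a skill's instructions for the patterns the
// findings describe. SAMPLE_SKILL is constructed for this example.

const UNSAFE_TLS = /NODE_TLS_REJECT_UNAUTHORIZED\s*=\s*['"]?0\b/;
const NPM_INSTALL = /\bnpm\s+(?:i|install|add|up|upgrade|update)\b(.*)/;
const EXACT_SEMVER = /^\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?$/;

// Split "name@spec" or "@scope/name@spec" into name and version spec.
function parsePackageSpec(spec) {
  const at = spec.indexOf('@', spec.startsWith('@') ? 1 : 0);
  if (at === -1) return { name: spec, version: '' };
  return { name: spec.slice(0, at), version: spec.slice(at + 1) };
}

// Findings for a single command line, highest severity first.
function lintCommand(cmd) {
  const findings = [];
  if (UNSAFE_TLS.test(cmd)) {
    findings.push({
      id: 'tls-verify-disabled',
      severity: 'high',
      // NODE_EXTRA_CA_CERTS keeps verification on while trusting an extra CA.
      detail: 'disables certificate checks for every TLS connection in the process; use NODE_EXTRA_CA_CERTS to trust an extra CA instead',
    });
  }
  if (/^\s*sudo\b/.test(cmd)) {
    findings.push({ id: 'runs-as-root', severity: 'medium', detail: 'command is run with sudo' });
  }
  const m = cmd.match(NPM_INSTALL);
  if (m) {
    const args = m[1].trim().split(/\s+/).filter(Boolean);
    if (args.includes('-g') || args.includes('--global')) {
      // Anything not pinned to an exact version (e.g. @latest, no version) is unpinned.
      const unpinned = args
        .filter((a) => !a.startsWith('-'))
        .filter((a) => !EXACT_SEMVER.test(parsePackageSpec(a).version));
      findings.push({
        id: 'global-install',
        severity: 'medium',
        unpinned,
        detail: 'global npm install modifies the host; pin an exact version for reproducibility',
      });
    }
  }
  return findings;
}

// Lint every line of the instructions; findings are tagged with their line number.
function lintInstructions(text) {
  const out = [];
  text.split('\n').forEach((line, i) => {
    for (const f of lintCommand(line)) out.push({ line: i + 1, ...f });
  });
  return out;
}

// Constructed sample; not the real skill's instruction text.
const SAMPLE_SKILL = [
  '## Setup (constructed sample)',
  'npm install -g flyai@latest',
  'If you see SSL errors, run: NODE_TLS_REJECT_UNAUTHORIZED=0 flyai search --from HND --to TPE',
  'flyai search --from HND --to TPE',
  'npm install -g flyai@1.4.2',
  'sudo npm i -g flyai',
].join('\n');

console.log(JSON.stringify(lintInstructions(SAMPLE_SKILL), null, 2));
```

Running the sample yields five findings: an unpinned global install on line 2, the TLS bypass on line 3, a pinned (but still global) install on line 5, and both a sudo and an unpinned global install on line 6. A line that sets NODE_EXTRA_CA_CERTS instead of NODE_TLS_REJECT_UNAUTHORIZED produces no finding, which is the fix a skill author should ship for self-signed or corporate-intercepted endpoints.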

Context-Inappropriate Capability

Severity: Medium
Confidence: 87%
Finding
The skill reads persistent user profile data at startup to reduce questioning, even when that data may not be necessary for the current request. This creates unnecessary access to potentially sensitive personal preferences and travel history, increasing the chance of over-collection, cross-task data exposure, or accidental disclosure in responses.

Context-Inappropriate Capability

Severity: Medium
Confidence: 96%
Finding
The document introduces persistent collection and retention of broad travel-profile data, including family composition, home city, airport, history, and special needs, which goes beyond what a pilgrimage-tour assistant strictly needs for a single request. This expands the skill's data footprint and creates unnecessary privacy and surveillance risk if the data is later misused, exposed, or retained without clear consent and minimization boundaries.

Vague Triggers

Severity: Medium
Confidence: 76%
Finding
The trigger phrases are broad enough to match ordinary travel or location questions, so the skill may activate in contexts broader than intended. While not an exploit by itself, overbroad activation can cause the agent to invoke unnecessary capabilities or apply risky workflow steps such as profile access or shell-command guidance in benign conversations.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The skill directs users or the agent to run installation and shell commands that modify the local system, but it does not present a clear user-facing warning about those side effects. This increases the risk that environment changes, package installs, or permission escalations occur without informed consent or appropriate controls.

Missing User Warnings

Severity: High
Confidence: 99%
Finding
The skill recommends disabling TLS verification as routine error handling and does so without a strong security warning. Presenting this as an acceptable fix normalizes an unsafe practice that can silently compromise integrity and confidentiality of network traffic.

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding
The spec instructs the agent to store personal travel-profile data in Qoder Memory or a local file but does not warn about persistence, local disk exposure, shared-machine risks, or the sensitivity of items like family members and accessibility needs. Without explicit notice and informed consent, users may unknowingly create long-lived personal records that can be accessed outside the immediate conversation context.

Ssd 3

Severity: Medium
Confidence: 90%
Finding
Automatically reading persistent user profile information at startup creates a data-exposure path beyond the immediate user request. In this skill context, travel preferences, locations, and related history may be sensitive, and automatic retrieval increases the chance of leaking or reusing data inappropriately across sessions or tasks.

Ssd 3

Severity: Medium
Confidence: 88%
Finding
The skill instructs the agent to save newly discovered user preferences into memory or local files, creating persistent retention of personal data beyond the immediate interaction. Without clear consent, retention limits, and access controls, this can lead to privacy leakage, unexpected profiling, or exposure of sensitive travel-related preferences.
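
The profile findings above (unconditional startup reads, persistence without consent or limits, sensitive fields such as family and accessibility details) all come down to a missing minimization layer between the agent and its memory store. The following is an added example, not code from the SkillSpector report or from the skill it reviews, of what that layer looks like: writes are allowlisted and gated on explicit consent, sensitive fields need a separate consent flag, records carry an expiry, and reads mask sensitive fields unless the current task needs them. The field names, the sensitivity classes and the 90-day retention limit are assumptions chosen for the example; the sample update is constructed.

```javascript
// Added example, not code from the SkillSpector report or the skill it reviews.
// Consent-gated, allowlisted persistence for a travel profile, with expiry on
// write and redaction on read. Field names and the 90-day limit are assumptions.

const FIELD_CLASS = {
  homeAirport: 'low',
  seatPreference: 'low',
  preferredAirlines: 'low',
  familyMembers: 'sensitive',
  accessibilityNeeds: 'sensitive',
  homeAddress: 'sensitive',
};
const RETENTION_MS = 90 * 24 * 60 * 60 * 1000; // assumed retention limit

// consent: { persist: boolean, sensitive: boolean }.
// Nothing is stored without consent.persist; unknown fields are never stored;
// sensitive fields are stored only with consent.sensitive. Returns what was
// stored, what was dropped, and when the record expires.
function minimizeProfile(update, consent, now = Date.now()) {
  const stored = {};
  const dropped = [];
  if (!consent || !consent.persist) {
    return { stored, dropped: Object.keys(update), reason: 'no-consent' };
  }
  for (const [field, value] of Object.entries(update)) {
    const cls = FIELD_CLASS[field];
    if (cls === undefined || (cls === 'sensitive' && !consent.sensitive)) {
      dropped.push(field);
      continue;
    }
    stored[field] = value;
  }
  return { stored, dropped, expiresAt: now + RETENTION_MS };
}

// Read side: expired records are treated as absent, and sensitive fields are
// masked unless the task actually needs them, so a startup read cannot echo
// family or accessibility details into an unrelated response.
function loadForTask(record, needsSensitive, now = Date.now()) {
  if (!record || record.expiresAt === undefined || record.expiresAt <= now) return null;
  const view = {};
  for (const [field, value] of Object.entries(record.stored)) {
    view[field] = FIELD_CLASS[field] === 'sensitive' && !needsSensitive ? '[redacted]' : value;
  }
  return view;
}

// Constructed sample update, including a field the skill should never persist.
const SAMPLE_UPDATE = {
  homeAirport: 'HND',
  familyMembers: ['spouse', 'child (6)'],
  passportNumber: 'not-a-real-number',
  accessibilityNeeds: 'wheelchair assistance',
};

console.log(minimizeProfile(SAMPLE_UPDATE, { persist: true, sensitive: false }, 0));
```

With persist consent but no sensitive consent, only homeAirport is written and the other three fields are dropped; with both flags the passport number is still dropped because it is not in the allowlist. A record read after its expiry is reported as absent rather than silently reused.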

VirusTotal

VirusTotal findings are pending for this skill version.
