Back to skill

Security audit

帮我凑假

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent travel planner, but it asks the agent to globally install an unpinned CLI and automatically use persistent travel profile data, so users should review it before installing.

Install only if you trust the FlyAI CLI supply chain. Prefer a pinned or sandboxed install, avoid `sudo`, and review or delete any saved `~/.flyai/user-profile.md` or memory entries containing home city, budget, family, travel history, or special needs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Context-Inappropriate Capability

High
Confidence
95% confidence
Finding
The skill requires installing or upgrading a global npm CLI before performing vacation-planning tasks, which is unnecessary for the user-facing function described and expands the attack surface significantly. A global package install executes code from the package supply chain and can modify the host environment, creating risk of arbitrary code execution or persistence if the package, dependency chain, or installation path is compromised.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The skill reads user profile data from memory or a local file at startup even though the manifest presents it as a vacation-planning assistant, not a profile-harvesting or cross-session personalization feature. This creates an unnecessary privacy boundary crossing and can expose previously stored personal data without clear user awareness or consent.

Context-Inappropriate Capability

Medium
Confidence
84% confidence
Finding
The skill instructs saving newly discovered preferences to memory or local files, introducing persistence beyond what is necessary to answer a single vacation-planning request. Unnecessary retention of travel preferences increases privacy risk, enables cross-session profiling, and may create a durable local data trail on the host.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The referenced documentation exposes a broad AI travel search capability covering hotels, attractions, flights, trains, and mixed itinerary planning, which exceeds the declared scope of a vacation-leave planner focused on calculating optimal leave-taking plans. This scope expansion can enable unintended actions or data flows, mislead downstream agents into invoking unrelated capabilities, and weaken security boundaries based on the manifest's stated purpose.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
This reference file documents a hotel-search capability that is not reflected in the stated skill description, which only mentions leave optimization and flight-price queries. That kind of scope expansion can enable undisclosed data access or tool use beyond user expectations, increasing the risk of covert capability creep and policy bypass in an agent workflow.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The referenced capability is a Marriott hotel search tool, but the skill manifest describes a vacation-planning assistant focused on leave optimization and flight-price lookup. This mismatch can cause the agent to invoke or expose unintended functionality, increasing the risk of scope confusion, misleading users, and accidental data handling outside the declared purpose.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The document defines persistent collection and storage of a broad 'user travel profile' across sessions, which goes beyond the skill's stated purpose of computing leave combinations and checking flight prices. This creates unnecessary retention of personal data and increases privacy risk if the data is later accessed, repurposed, or exposed.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The listed fields include broad personal and potentially sensitive household/travel details such as home city, family members, child age, travel history, and special needs, without clear necessity for the narrow function of leave-plan optimization. Over-collection increases the harm from unauthorized access and makes the skill riskier than its manifest suggests.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill silently loads persisted user profile data at startup without prominently disclosing this behavior in the skill description or obtaining explicit user consent at runtime. Hidden data access undermines user expectations and can lead to unauthorized processing of personal travel history or preferences.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The spec instructs the agent to write user profile data to Qoder Memory or a local file, but it does not provide a clear privacy notice, retention policy, or warning that data will persist beyond the session. Users may unknowingly authorize durable storage of personal travel preferences and household information.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.