Back to skill

Security audit

Air France - KLM

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Air France/KLM flight tracker whose credentials, polling, local state, and aircraft-enrichment behavior are disclosed and aligned with flight monitoring.

Install only if you are comfortable providing an AFKL API key and allowing watched flight/aircraft details to be stored in local state/cache files. Use a dedicated API key, protect any credential files, set an explicit private state directory, and remove any cron job after the monitoring window ends. Expect aircraft registrations to be sent to Planespotters when enrichment runs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
87% confidence
Finding
The script explicitly extends the skill beyond the declared Air France–KLM flight-status scope by querying a third-party aircraft-intelligence source and persisting results in a local cache. This creates undeclared data flows and capability creep, which is dangerous in an agent setting because users and operators may believe only first-party AF/KLM APIs are being used while aircraft identifiers are sent to an unrelated external service.

Context-Inappropriate Capability

Medium
Confidence
84% confidence
Finding
The code enriches tail-number data using an unrelated public source without clear justification in the core flight-status scope, causing data minimization and trust-boundary issues. Even if the transmitted value is only a registration, it still discloses user-requested lookup targets to a third party and can violate expected platform restrictions or privacy assumptions.

External Transmission

Medium
Category
Data Exfiltration
Content
try {
    for (const t of tried) {
      try {
        const url = `https://api.planespotters.net/pub/photos/reg/${encodeURIComponent(t)}`;
        const resp = await fetch(url, { headers: { 'accept': 'application/json' } });
        const text = await resp.text();
        const j = JSON.parse(text);
Confidence
78% confidence
Finding
https://api.planespotters.net/

External Transmission

Medium
Category
Data Exfiltration
Content
let intel = { reg: primary };
try {
  // Planespotters API: https://api.planespotters.net/pub/photos/reg/{reg}
  for (const r of regs) {
    try {
      const url = `https://api.planespotters.net/pub/photos/reg/${encodeURIComponent(r)}`;
Confidence
90% confidence
Finding
https://api.planespotters.net/

External Transmission

Medium
Category
Data Exfiltration
Content
// Planespotters API: https://api.planespotters.net/pub/photos/reg/{reg}
  for (const r of regs) {
    try {
      const url = `https://api.planespotters.net/pub/photos/reg/${encodeURIComponent(r)}`;
      const j = await fetchJson(url);
      const photo = (j.photos && j.photos[0]) || null;
      const ac = photo && photo.aircraft || null;
Confidence
95% confidence
Finding
https://api.planespotters.net/

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access, suspicious.potential_exfiltration

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
scripts/afkl_http.mjs:8

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
scripts/aircraft_intel.mjs:32

Sensitive-looking file read is paired with a network send.

Warn
Code
suspicious.potential_exfiltration
Location
scripts/afkl_http.mjs:31