Tripadvisor

Security checks across malware telemetry and agentic risk

Overview

This Tripadvisor skill is a coherent travel-comparison helper that discloses its API use, local notes, and limits.

Before installing, choose narrow activation unless you really want generic hotel, attraction, or restaurant-comparison requests to invoke it; protect TRIPADVISOR_API_KEY, and review or delete ~/tripadvisor/ if you do not want travel preferences and shortlists retained locally.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The setup instructions define activation on very broad terms like 'Tripadvisor,' 'hotels,' 'attractions,' or 'restaurant comparisons,' which are common in ordinary travel discussions. This can cause unintended invocation of the skill in contexts where the user did not explicitly request it, increasing the chance of unnecessary data collection, file writes to local memory, or workflow execution without clear user intent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal