Back to skill

Security audit

go2Travel — 飞猪旅行智能规划

Security checks across malware telemetry and agentic risk

Overview

This is a travel-planning skill that uses disclosed travel, weather, and exchange-rate lookups, with no evidence of hidden persistence, credential theft, destructive actions, or unrelated data access.

Install only if you are comfortable using the flyai CLI and external travel/weather/exchange-rate services. Weather queries may send the destination city to wttr.in, and travel searches may use your configured flyai access to query Fliggy. Treat prices, policies, visa, health, and emergency information as planning help and verify time-sensitive details with official providers before acting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The manifest explicitly states that pure weather-only and currency-only queries should not trigger this skill, yet the declared intents include weather_check and currency_exchange. This inconsistency can cause the orchestrator to route users into a broader travel skill than intended, leading to policy bypass, incorrect tool usage, or unnecessary exposure of booking/search capabilities for requests that should be handled by narrower skills.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The trigger documentation says weather-only and currency-only requests should not activate this skill, but the regex patterns directly match exactly those requests. That creates an activation-policy contradiction that can be exploited or accidentally triggered, causing skill overreach and misrouting of user queries to a higher-privilege, broader-capability travel workflow.

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The file claims the generated guide is based on 'real-time Fliggy data + local experience', but the content only defines a static template and fallback behavior, with no mechanism showing live retrieval, verification, or freshness checks. In a travel-planning skill, this can mislead users into trusting time-sensitive information such as transport, lodging, ticketing, or emergency details that may be outdated or fabricated.

Natural-Language Policy Violations

Medium
Confidence
88% confidence
Finding
The skill hard-codes Chinese as the interaction/output language and does not instruct the agent to respect the user's language preference. This can cause unsafe or unusable responses in emergencies or while conveying practical travel information, because users may misunderstand critical details such as emergency numbers, power standards, or consular contact guidance.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The role instructs making direct requests to a third-party service (wttr.in) using user-supplied city data without disclosing that destination information will be sent externally. While the data sensitivity is usually low, this can still expose travel intent or location-related queries to an external provider without user awareness, creating a privacy and data-handling issue.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.