Back to skill

Security audit

FlyAI Skipticket Search

Security checks across malware telemetry and agentic risk

Overview

The packaged files look like a normal skill-authoring helper, but the listing metadata presents it as an unrelated FlyAI skipticket/flight skill with high-impact tags.

Review this before installing because the marketplace/listing identity does not match the actual package. Install it only if you want an agent to create or modify local skill packages, and inspect generated skills before placing them in an auto-discovered skills directory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
72% confidence
Finding
The description is broad enough that the skill may trigger for many requests about creating or updating skills, including cases where the user did not intend code generation, file editing, or packaging actions. Over-triggering can expose the agent to unnecessary operational instructions and increase the likelihood of tool use beyond the user's expectations.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.