Security audit

Create your personal travel-map

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent travel-map generator with expected web lookup, image generation, local image processing, and scoped file output behavior, though users should notice the installer replacement behavior and external data sharing.

Install only if you are comfortable sharing destination and attraction details with search, maps/browser, and image-generation services. Review the installer target first, especially if you have edited a previous copy of this skill, and use a controlled project or virtual environment for the Pillow dependency if you want to avoid changing your user Python environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill invokes shell commands and reads local files/scripts, but it does not declare any permissions or capability requirements to the host. That creates a transparency and policy-enforcement gap: an agent or user may approve a seemingly harmless image skill without realizing it can execute commands, install packages, and write files.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The natural-language triggers are broad enough to match ordinary user requests like 'draw a map' or 'generate an itinerary graphic,' which can cause the skill to activate outside a clearly intended context. In an agent ecosystem, ambiguous activation scope can lead to unintended tool use, unnecessary processing of user travel plans, or unexpected data flows tied to location and itinerary content.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README says the skill performs attraction discovery and coordinate collection but does not disclose whether external services, map lookups, or third-party APIs may be used to obtain that data. Because travel plans and points of interest can reveal sensitive location preferences or future movements, lack of transparency can expose users to privacy and data-handling risks without informed consent.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The natural-language triggers are broad enough to activate on ordinary travel-planning requests, which can cause the agent to launch a multi-step workflow involving web access, shell commands, image generation, and file creation without a clear explicit opt-in. Over-broad activation increases the chance of unintended tool use and surprise side effects.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill instructs copying the generated file into the user's current working directory automatically, which modifies the user's filesystem without an explicit warning or confirmation. Unsolicited writes can overwrite expected outputs, create clutter, or place files in sensitive project directories where they may later be committed or processed unintentionally.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The installer unconditionally deletes any existing directory at the target install path with `rm -rf` after only emitting a log message, which can destroy prior user data or local modifications without confirmation or backup. While the path is derived from predefined platform locations, this is still dangerous because a mistaken platform/path choice or unexpected directory contents can cause irreversible data loss.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

Detected: suspicious.dynamic_code_execution

Dynamic code execution detected.

Critical
Code
suspicious.dynamic_code_execution
Location
scripts/security_scan.py:68