Aerobase Alerts

Security checks across malware telemetry and agentic risk

Overview

This flight-alert skill is mostly aligned with its purpose, but it can initiate high-impact travel actions and stores recent flight-alert history without enough clear user controls.

Review before installing. Use it only if you are comfortable with ongoing flight monitoring, recent flight-number and alert timestamp storage in a local file, and possible calendar or booking-account access. Require explicit confirmation before any rebooking, including the exact itinerary, traveler, total cash or miles cost, fees, refund rules, and account to charge.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill instructs persistent reads and writes to a workspace file without any user-facing disclosure or consent. Persistent local state can expose travel metadata, create privacy risks, and be abused to influence later agent behavior if the file is modified or shared across contexts.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal