Aerobase Jetlag

Security checks across malware telemetry and agentic risk

Overview

This is a text-only Aerobase jetlag planning skill with disclosed API use, though users should review privacy details before using its advertised Gmail or calendar features.

Install this if you are comfortable using an Aerobase API key and sending travel details needed for jetlag scoring to Aerobase. Do not paste API keys into chat. Before enabling any Pro Gmail import or calendar sync features, review Aerobase's requested account permissions, privacy policy, and data retention controls.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill advertises Gmail import and calendar sync capabilities involving privacy-sensitive data, but provides no warning, consent flow, data-minimization guidance, or explanation of what information will be accessed and retained. This can normalize broad access to email and calendar contents and may lead users or agents to expose more personal data than necessary.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal