Back to skill

Security audit

Aerobase Concierge

Security checks across malware telemetry and agentic risk

Overview

Aerobase Concierge is a disclosed travel-assistant skill that uses an Aerobase API key and travel context, with no evidence of hidden code, destructive actions, or account-changing authority.

Install only if you are comfortable giving Aerobase an API key and sharing travel preferences or itinerary details with the Aerobase service. Use a revocable or scoped key if available, watch API usage, avoid sharing unnecessary loyalty or trip details, and require explicit confirmation before any real booking, purchase, cancellation, or account change.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill explicitly states that it has 'autonomous behaviors that activate without being asked,' but it does not define clear triggers, limits, or consent boundaries. In a concierge that can monitor deals, score flights, generate plans, and guard itineraries, this can lead to unrequested actions, over-collection of travel data, and privacy-invasive behavior that exceeds user expectations.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill instructs the agent to remember sensitive travel context such as home airport, loyalty programs, chronotype, and upcoming trips across the conversation, but it provides no user-facing notice, consent flow, retention limits, or data handling constraints. In a travel context, this information can reveal behavioral patterns, future absence from home, and preference profiles, making the privacy risk more acute than generic conversational memory.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.