Back to skill

Security audit

travel-wallet

Security checks across malware telemetry and agentic risk

Overview

This looks like a real flight-search helper, but it can automatically install an unpinned global npm CLI and run flight-search commands from broad triggers, so it belongs in Review.

Install only if you are comfortable with an agent installing and running the flyai npm CLI globally. Prefer approving the install manually, avoid giving wallet, payment, account, or credential data to the agent, and treat generated booking links as search results to verify before purchase.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The skill explicitly says agents must never invent CLI parameters, yet the Direct Route playbook uses `--journey-type 1`, which is not listed in the Parameters table. This inconsistency can cause agents to invoke unsupported flags, leading to command failures or unsafe improvisation in order to satisfy the workflow, especially because the skill strongly pressures execution over fallback reasoning.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill instructs the agent to globally install `@fly-ai/flyai-cli` via `npm i -g` whenever the binary is missing, without requiring user confirmation or presenting trust boundaries. That creates a supply-chain and arbitrary code execution risk, because package installation executes code from an external registry and modifies the host environment.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The activation triggers include broad phrases such as `budget flight`, `cheap flight deal`, and especially `travel travel`, which can match ordinary conversation and cause the skill to activate unexpectedly. In this skill, mistaken activation is more dangerous because activation can lead directly into environment checks and package installation instructions, increasing the chance of unprompted command execution.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.