Back to skill

Security audit

Flight Search

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do the advertised flight search and monitoring work, but users should understand it sends travel queries to third-party APIs and stores local monitoring data.

Install only if you are comfortable supplying your own Amadeus API key and, optionally, AviationStack key. Keep config.json out of version control, start in sandbox mode until you confirm behavior, watch API quotas and pay-as-you-go charges before using production mode, and delete or protect .monitored_flights.json if monitored routes reveal sensitive travel plans.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
81% confidence
Finding
The skill documentation indicates capabilities that involve file read/write and network access, but no explicit permissions are declared in the metadata. This creates a transparency and consent problem: users or the host platform may not realize the skill can access local configuration files and make outbound API calls, increasing the risk of unintended data exposure or overbroad execution.

Vague Triggers

Medium
Confidence
75% confidence
Finding
The trigger phrases are broad and map closely to common travel-related conversation, which can cause the skill to activate unexpectedly during ordinary user interactions. Unintended invocation can lead to unnecessary external API calls, leakage of travel queries to third-party services, or interference with other more specific skills or built-in functionality.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The document strongly promotes switching to Production and emphasizes that it is 'free', while downplaying that the environment is pay-as-you-go after the quota and that Production enables real bookings. In a flight-search skill, this can mislead users into enabling live, billable APIs and potentially making unintended chargeable requests or booking-capable operations without sufficiently prominent risk warnings.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The configuration example shows production API key and secret fields but does not warn users not to store real credentials in committed config files or repositories. In practice, users often copy examples verbatim, which can lead to accidental secret exposure, unauthorized API use, quota exhaustion, and financial impact.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The monitoring flow explicitly says the route is added to a monitoring list and checked periodically, but it does not warn users that flight preferences and travel dates may be persistently stored in files like .monitored_flights.json. This can expose sensitive travel patterns, dates, and destinations to other local users, logs, backups, or downstream systems without informed user consent.

Shadow Command Trigger

Medium
Category
Trigger Abuse
Confidence
86% confidence
Finding
The trigger 'search flights' overlaps with the built-in 'search' command, creating a shadowing risk where the skill may intercept requests intended for core platform behavior. This can confuse users and route their queries through third-party integrations unexpectedly, especially in a skill that performs network requests to external travel APIs.

Shadow Command Trigger

Medium
Category
Trigger Abuse
Confidence
84% confidence
Finding
The trigger 'find flights' conflicts with the built-in 'find' command and may cause ambiguous routing or interception of user requests. Because this skill sends data to external services, accidental activation is more concerning than in a purely local skill: travel plans, destinations, and dates could be transmitted when the user only intended a generic find operation.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.