Back to skill

Security audit

Travel Information and News

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed travel search/reporting tool, but users should treat its external search and optional browser scraping features with care.

Install only if you are comfortable sending travel queries to Tavily and, if enabled, Brave and browser-visited sites. Avoid putting confidential client, visa, health, booking, or account details into searches unless those providers are approved for that data. Keep browser scraping disabled unless needed, avoid logged-in sessions, review target-site rules, and run the browser stack in a contained environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill advertises no declared permissions while explicitly requiring access to environment variables, shell/package installation, network search APIs, and file output generation. This is a real security issue because hidden or undeclared capabilities reduce informed consent, weaken sandbox/policy enforcement, and can let an agent invoke broader access than a reviewer expects.

Tp4

High
Category
MCP Tool Poisoning
Confidence
89% confidence
Finding
The skill description says it searches and aggregates travel information, but the documented behavior also creates DOCX/PDF files and, per the finding, downloads a font from GitHub at runtime. That extra runtime fetch expands the trust boundary to an external code/content source and introduces supply-chain and unexpected network/file-write behavior not clearly disclosed by the primary description.

Context-Inappropriate Capability

Medium
Confidence
76% confidence
Finding
The browser-scraping path expands the skill's attack surface by spawning local GUI and Node processes to access sites outside the primary API-based search flow. In an agent environment, this can enable broader local execution and network interaction than users may expect from a travel-search skill, especially if the downstream browser script is weakly validated.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README explicitly promotes browser scraping of sites like Xiaohongshu and X/Twitter and review aggregation from third-party services, but provides no warning about privacy implications, account/session exposure, site terms-of-service, or transmission of queried data to external providers. In a skill intended for professional travel research, this omission can lead operators to enable scraping and third-party lookups without understanding legal, privacy, and compliance risks.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.