explore-uk

Security checks across malware telemetry and agentic risk

Overview

This UK flight-search skill is not clearly malicious, but it asks the agent to install a global third-party CLI and has scope mismatches users should review first.

Install only if you are comfortable with an agent using flyai/Fliggy for flight searches and opening booking links from its output. Require explicit approval before any global npm install, prefer an isolated environment, and treat the skill as flight-search only despite the broader travel wording.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Severity: Medium
Confidence: 91%
Finding:
The manifest advertises broad travel capabilities such as hotels, trains, attractions, insurance, and car rental, but the implementation only provides flight-search CLI workflows. This mismatch can cause the agent to activate in contexts it cannot safely fulfill, increasing the chance it fabricates unsupported services or takes inappropriate actions based on misleading capability claims.

Intent-Code Divergence

Severity: Medium
Confidence: 95%
Finding:
The skill states that only parameters listed in the Parameters Table may be used, yet the direct-flight playbook invokes an undocumented `--journey-type` flag. This inconsistency can push an agent to use unvalidated or unsupported CLI arguments, creating unpredictable behavior and weakening guardrails intended to constrain command execution.

Vague Triggers

Severity: Medium
Confidence: 82%
Finding:
The activation triggers include broad phrases like `英国旅行` and `去英国`, which can match general UK travel requests beyond flight search. In this skill's context, overbroad activation is dangerous because it may hijack unrelated travel queries and force the agent into executing CLI-oriented flight workflows or misleading users about supported capabilities.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding:
The skill instructs the agent to install a global npm package (`npm i -g @fly-ai/flyai-cli`) if the CLI is missing, without warning the user or requiring consent. This is a real security issue because it authorizes modification of the host environment and execution of newly installed third-party code, which expands the trust boundary and can lead to supply-chain or persistence risks.

VirusTotal

65/65 vendors flagged this skill as clean.