Security audit

explore-turkey

Security checks across malware telemetry and agentic risk

Overview

The skill is a real flight-search helper, but it tells the agent to install an unpinned global third-party CLI automatically and has broader claims/triggers than its flight-only workflow supports.

Install only if you are comfortable with a third-party global npm CLI being added to your machine and with travel search details being sent to the flyai/Fliggy service. Prefer manually reviewing and installing a pinned CLI version first, and use the skill only for flight searches rather than the broader travel services advertised.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The manifest advertises broad travel capabilities such as hotels, visas, insurance, and car rental, but the skill body only defines flight-search behavior. This mismatch can mislead an agent into invoking the skill for unsupported tasks, increasing the chance of incorrect actions, unsafe fallbacks, or fabricated answers outside the implemented workflow.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The skill states that only documented CLI flags may be used, yet a playbook includes an undocumented `--journey-type` parameter. This creates inconsistent execution guidance that can cause command failure, undefined behavior, or encourage agents to rely on unsupported options despite explicit constraints.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The activation scope includes broad phrases like '土耳其旅行' and '去土耳其', which can match general travel planning requests beyond flight search. Overbroad triggering can cause the skill to activate in the wrong context, leading to inappropriate command execution, misleading outputs, or interference with more suitable skills.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The skill instructs the agent to run `npm i -g @fly-ai/flyai-cli` automatically when the tool is missing, which modifies the host environment without explicit user consent. Automatic global package installation is dangerous because it expands the trust boundary to external package registries and can introduce supply-chain risk or unauthorized system changes.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The document instructs operators to run a global npm install command that modifies the host environment without any warning, consent step, or safer alternative. In an agent skill context, operational fallback text can be surfaced or followed automatically, creating avoidable supply-chain and system-modification risk if the package is compromised or the environment is sensitive.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
This fallback repeats the same unsafe pattern by presenting a global npm installation as a recovery step with no disclosure of system impact. Repetition increases the chance that an automated agent or user treats host modification as routine troubleshooting, which is risky in production or managed environments.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The PB-2 trigger phrases include very generic terms like "cheap" and "budget," which are likely to appear in ordinary conversation unrelated to an explicit flight-search request. This can cause unintended activation of the booking workflow and lead the agent to initiate travel-search actions based on ambiguous user input.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The PB-3 triggers use broad speed-related words like "fast" and "quick," which commonly occur in normal speech and do not reliably indicate a request for fastest-route flight search. In an agent skill, this ambiguity can misroute user intent and trigger external travel search actions without sufficient confirmation.

Vague Triggers

Low
Confidence
74% confidence
Finding
The fallback condition "0 results from above playbooks" is underspecified and may be interpreted inconsistently by the runtime, especially when earlier playbooks were triggered on weak matches. This can cause overly broad searches, including keyword-based queries, that expand scope beyond the user's precise request and produce unintended external lookups.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.