Back to skill

Security audit

Flyai Travelmapify

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its travel-map purpose, but its local Amap proxy can execute shell commands from untrusted HTTP query input and should be reviewed or fixed before use.

Review or patch scripts/amap-proxy.js before installing or running this skill. If you proceed, run local servers only when needed, stop them afterward, install dependencies from trusted sources, and avoid using sensitive travel images or private itinerary details unless you are comfortable sharing them with the external services involved.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
scripts/amap-proxy.js:25