Matrix Mate - ITA Matrix Flight Search and Parse Tool

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local ITA Matrix parsing helper with a controlled remote override and no evidence of hidden persistence, credential use, or destructive behavior.

Install only if you are comfortable running a local Matrix Mate app and sending itinerary details to it. Leave the remote base URL override disabled unless you explicitly trust the remote host, and avoid submitting very large pasted JSON or fare-rule bundles until size limits are added.

SkillSpector

By NVIDIA

Vulnerability Patterns

Output HandlingUnvalidated Output Injection, Cross-Context Output, Unbounded Output
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Description-Behavior Mismatch

Medium

Confidence: 94% confidence
Finding: The client is marketed as an offline/local MCP tool, but it allows connections to arbitrary non-loopback HTTP(S) hosts when an environment variable is set. That creates a real trust-boundary expansion: if an attacker can influence environment configuration or deployment settings, the skill may exfiltrate itinerary or traveler data to a remote service contrary to the expected offline-only behavior.

Unbounded Output

Medium

Category: Output Handling
Content: ### 3) Oversized manual payloads - Risk: very large `itaJson` / `rulesBundle` can increase latency/cost. - Current mitigation: schema requires non-empty strings but no size cap. - Recommended hardening: add max-size limits (for example 250-500 KB) in schema and UI. ## Reviewer quick checks
Confidence: 95% confidence
Finding: no size cap

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal