Offline Airport Lounge Finder - Comparison Map
Security checks across malware telemetry and agentic risk
Overview
The skill code looks like a local read-only lounge lookup tool, but its marketplace metadata asks for unrelated high-impact capabilities.
Install only if the platform will not grant this skill payment, OAuth, crypto, or sensitive-credential access. The local MCP code itself appears narrowly scoped, but the publisher should remove or clearly justify those capability tags and include complete dependency metadata before users rely on it.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.