Travel Morning Weather

Security checks across malware telemetry and agentic risk

Overview

This is a coherent travel-weather helper, but it saves city-level travel plans locally and may update them from conversation.

Install only if you are comfortable with the agent saving home and travel cities plus dates in a local travel-plan file, updating that file from travel-related conversation, deleting past entries automatically, and sending the selected city to wttr.in for weather. Review or delete the file if plans are private or captured incorrectly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (11)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 84%
Finding:
The skill performs persistent file reads and writes to `memory/travel-plan.json` but does not declare permissions or clearly surface that data storage behavior. This creates a transparency and governance gap: users or hosting systems may not realize the skill can persist and modify travel history, which increases privacy and policy risk.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 90%
Finding:
The declared purpose suggests only adjusting weather location, but the skill also creates, updates, deletes, and auto-expires persisted travel records. That mismatch can mislead users and reviewers about the scope of data processing, making silent collection and lifecycle management of sensitive travel data more dangerous in a conversational context.

Missing User Warnings

Medium
Confidence: 93%
Finding:
The README explicitly promotes automatic capture of travel plans from chat and persistent storage in `memory/travel-plan.json` without any warning, consent requirement, retention guidance, or discussion of privacy boundaries. Because travel plans reveal future location and absence from home, silently parsing and storing this data increases privacy and safety risk if the agent over-collects, misinterprets conversation, or exposes the stored file to other skills or users.

Vague Triggers

Medium
Confidence: 81%
Finding:
Triggering when a user merely 'mentions travel plans in conversation' is overly broad and can cause accidental activation from ambiguous or hypothetical discussion. In this skill, broad triggering is more dangerous because activation leads to persistent modification of stored travel data, not just a transient response.

Missing User Warnings

Medium
Confidence: 92%
Finding:
The skill instructs proactive updates to a persistent user data file based on conversation content without explicit warning or confirmation. Because travel plans are sensitive behavioral data, silently writing them can expose private location and schedule information and create inaccurate records from misinterpretation.

Natural-Language Policy Violations

Medium
Confidence: 72%
Finding:
Hard-coding the morning briefing cron to Asia/Shanghai without user choice or justification can cause date-bound travel records to be resolved against the wrong day for many users. While primarily an integrity issue, it can lead to incorrect weather briefings and unintended application of travel locations.

Natural-Language Policy Violations

Medium
Confidence: 76%
Finding:
Resolving today's date in Asia/Shanghai for selecting `daily_locations` can apply the wrong stored destination when the user is elsewhere, especially around date boundaries. In this skill, incorrect date resolution affects which travel entry is used and may expose or act on the wrong travel plan in an automated morning workflow.

Vague Triggers

Medium
Confidence: 92%
Finding:
The trigger rules are broad enough to capture ordinary conversation, screenshots, and travel-related mentions without a clearly bounded activation condition or explicit consent step. In a skill that persists travel data, this can cause unintended collection and storage of sensitive itinerary information from casual chat, creating a privacy and integrity risk even if the author likely intended convenience rather than abuse.

Missing User Warnings

Medium
Confidence: 96%
Finding:
The file instructs the agent to write extracted travel plans into `travel-plan.json` based on conversation content, but it does not prominently warn the user that conversational data will be persisted. Because travel dates and locations are sensitive personal information, silent storage increases privacy risk and may violate user expectations or policy requirements around notice and consent.

Missing User Warnings

Medium
Confidence: 91%
Finding:
The document instructs the system to run a cleanup script that deletes expired itinerary entries, but it provides no disclosure, confirmation, or retention policy for this data modification. In a travel-planning context, silently deleting user travel data can cause loss of important records and unexpected behavior, especially if dates are parsed incorrectly or user expectations differ.

Missing User Warnings

Medium
Confidence: 95%
Finding:
The skill sends location data to wttr.in via curl without warning that the user's city/country will be transmitted to an external third-party service. In this skill's context, travel locations may reveal sensitive presence or absence from home, making undisclosed outbound sharing a meaningful privacy risk.

VirusTotal

65/65 vendors flagged this skill as clean.
