全球航班查询与预订
Security checks across malware telemetry and agentic risk
Overview
This skill is a disclosed flight-search helper that sends travel lookup details through its cloud proxy, with no evidence of hidden persistence, local data access, or destructive behavior.
Install only if you are comfortable sending flight-search details, such as route, date, cabin class, passenger counts, airport keywords, and routing IDs, to the skill publisher's cloud proxy. The artifacts claim the proxy does not store user data, but the skill itself cannot technically enforce that claim.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.