Back to skill

Security audit

travel-emergency-assistant

Security checks across malware telemetry and agentic risk

Overview

This travel assistant is not malicious, but it asks an agent to make persistent system changes by installing a global third-party CLI before use.

Install only if you are comfortable letting the agent install and run a third-party global npm CLI. Prefer installing and vetting @fly-ai/flyai-cli yourself in a contained environment, avoid sudo, and review any travel or booking links before acting on them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The skill instructs the agent to check for and globally install external software using npm, which exceeds the stated travel-planning scope and turns a content-generation skill into a system-modifying installer. This introduces supply-chain risk, persistence on the host, and the possibility of executing untrusted package-install workflows, especially dangerous in an agent runtime where users do not expect machine changes.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The skill metadata presents a constrained tool model using `flyai.search_*`, but the document later expands behavior to arbitrary shell commands and package management. That mismatch is dangerous because it normalizes privilege expansion beyond the approved tool boundary, undermining the security model and potentially enabling command execution or unauthorized environment changes.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.