Security audit

Travel Partner

Security checks across malware telemetry and agentic risk

Overview

This travel-content skill is coherent and disclosed, with the main cautions being optional paid OpenAI image generation, dependency installation, and local output files.

Install this only if you want a travel-planning and AI travel-content helper. Use a virtual environment, use a budget-limited OpenAI API key for image generation, avoid including sensitive personal itinerary or relationship details in image prompts, and use ordinary city or landmark names rather than path-like input when generating files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (5)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 92%
Finding:
The skill documentation describes capabilities that require network access, environment variable access, and local file reads/writes, yet no permissions are declared. This creates a transparency and governance gap: a caller or reviewer cannot accurately assess what the skill may access, and runtime enforcement may be bypassed or misconfigured as a result.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 88%
Finding:
The stated purpose is travel-companion content generation, but the documented behavior also includes external API-based image generation, downloading remote content, and writing local files. This mismatch is dangerous because it conceals materially broader capabilities than a user would reasonably expect, increasing the chance of unauthorized network use, cost incurrence, and persistent data creation.

Context-Inappropriate Capability

Medium
Confidence: 85%
Finding:
The documentation instructs the skill to generate real images via an external API and save them locally, which expands the skill from content planning into active external resource consumption and file creation. In context, that broader operational behavior is more dangerous because users invoking a travel-planning companion may not anticipate network calls, billable API usage, or local artifact storage.

Missing User Warnings

Low
Confidence: 88%
Finding:
The README instructs users to configure an OpenAI API key and use a script that sends destination and location prompts to an external image-generation service, but it does not clearly disclose that user-supplied travel data will leave the local environment. This is a real transparency and privacy issue because users may unknowingly transmit sensitive itinerary details, relationship context, or location-related metadata to a third party.

Vague Triggers

Medium
Confidence: 81%
Finding:
The invocation criteria are very broad, covering a wide range of travel, social media, immersive experience, and romantic-roleplay requests without clear constraints. Overly broad triggering can cause the skill to activate in contexts where its more powerful behaviors (research, network access, file output, image generation) are unnecessary or unexpected.

VirusTotal

58/58 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.