oversize-baggage

Security checks across malware telemetry and agentic risk

Overview

This travel-search skill is generally coherent, but it needs review because it tells the agent to install an unpinned global third-party CLI automatically before running searches.

Review before installing. Use this only if you are comfortable with an agent installing @fly-ai/flyai-cli globally and sending travel search details to flyai/Fliggy; safer use would be to manually verify and install the CLI first, then run searches with user-approved parameters.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium
Confidence: 97%
Finding
The skill explicitly says agents must never invent CLI parameters and may only use flags listed in the parameter table, but later instructs use of `--journey-type 1`, which is not documented there. This inconsistency can cause agents to ignore their own safety/validation rules, issue unsupported commands, or normalize use of undocumented flags that may have unintended behavior in the installed CLI.

Missing User Warnings

Medium
Confidence: 99%
Finding
The skill mandates installing a global npm package (`npm i -g @fly-ai/flyai-cli`) whenever the binary is missing, without user consent, provenance verification, or sandboxing guidance. That creates a supply-chain and arbitrary code execution risk because global package installation runs untrusted install scripts and modifies the host environment.

VirusTotal

62/62 vendors flagged this skill as clean.
