Pocket Wifi

Security checks across malware telemetry and agentic risk

Overview

This travel skill is coherent, but it asks agents to install and run a global third-party CLI and can persist raw travel queries in a local log without enough user control.

Review this before installing. Approve any @fly-ai/flyai-cli installation yourself, avoid providing passport, payment, account, or sensitive booking data, and disable or remove .flyai-execution-log.json if you do not want local query history retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 95%
Finding
The runbook explicitly includes a `user_query` field containing raw user input in an internal execution log, which creates unnecessary retention of potentially sensitive user data. In a travel-booking skill, user prompts may contain passport details, travel dates, contact information, booking references, or other personal data, so storing the raw query increases privacy and compliance risk if logs are exposed or retained without consent.

Missing User Warnings

Medium
Confidence: 97%
Finding
The runbook instructs appending execution logs to a local file, which can silently persist sensitive operational and user-derived data on disk. Because the same schema also captures raw user input and command details, this persistence increases the chance of data leakage through shared environments, backups, misconfigured permissions, or later forensic access.

VirusTotal

66/66 vendors flagged this skill as clean.
