Security audit

evening-flight

Security checks across malware telemetry and agentic risk

Overview

This flight-search skill is mostly purpose-aligned, but it instructs agents to automatically install an unpinned global npm CLI before use.

Review this before installing if you do not want an agent to add global npm software to your machine. Only use it if you trust @fly-ai/flyai-cli and Fliggy/flyai with your travel route and date, and preferably install or run the CLI yourself in a contained environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence

Medium
82% confidence
Finding
The skill explicitly says agents must never invent CLI parameters and only use those listed in the Parameters Table, but the direct-flight playbook uses `--journey-type 1`, which is not documented there. This inconsistency can cause agents to rely on undeclared behavior, increasing the chance of command misuse, failed execution, or unsafe parameter expansion if implementations try to compensate.

Missing User Warnings

Medium
95% confidence
Finding
The skill mandates `npm i -g @fly-ai/flyai-cli` when the tool is missing, which modifies the host environment and executes code from an external package registry without requiring user consent. In an agent setting, automatic global installation expands the attack surface and can lead to supply-chain compromise, persistence, or unintended system changes.

Missing User Warnings

Medium
90% confidence
Finding
The skill directs the agent to send origin, destination, and travel date through `flyai search-flight` to an external service, but provides no privacy notice or consent checkpoint. Travel queries can reveal sensitive behavioral and location information, and silent transmission to a third party creates avoidable privacy and compliance risk.

Vague Triggers

Medium
88% confidence
Finding
The trigger phrases in this section include highly generic terms like "cheap," "budget," "fast," and "quick," which can easily appear in unrelated travel or general conversation. In an agent skill, overly broad triggers can cause the wrong playbook to activate, leading to unintended searches, confusing outputs, or action selection that does not match the user's actual request.

Vague Triggers

Medium
84% confidence
Finding
The fallback condition "0 results from above playbooks" is underspecified and leaves unclear whether fallback is triggered by routing failure, search failure, missing parameters, or ambiguous user intent. That ambiguity can make the agent invoke broad search behavior unexpectedly, potentially causing irrelevant external queries and reducing control over when secondary commands are executed.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.