
Security audit

Mini Trip

Security checks across malware telemetry and agentic risk

Overview

This travel-planning skill is coherent, but it asks agents to install a global CLI and keep hidden local logs of raw trip requests.

Install only if you are comfortable approving a global npm CLI install and sending trip details to flyai/Fliggy. Before use, consider disabling or deleting `.flyai-execution-log.json`, avoid entering highly sensitive travel details unless needed, and review CLI commands before allowing them to run.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Severity: Medium (95% confidence)
Finding
The skill explicitly instructs the agent to run `npm i -g @fly-ai/flyai-cli` as part of normal execution, which modifies the host environment by installing a global package. Because skill content is untrusted and no user confirmation, sandboxing requirement, or package integrity verification is included, this creates a supply-chain and environment-modification risk if an agent follows the instructions automatically.

Missing User Warnings

Severity: Medium (96% confidence)
Finding
The runbook explicitly records the raw user query in an internal execution log and states that the log is not shown to users. In a travel-booking skill, user queries may include names, passport/visa details, travel dates, destinations, contact information, and other sensitive trip data, so collecting and retaining raw input without clear disclosure or minimization creates a real privacy and data-handling risk.

Missing User Warnings

Severity: Low (87% confidence)
Finding
The rules require logging every CLI command and its status internally without any indication that users are informed. While command telemetry can be useful operationally, undisclosed command logging can expose internal behavior and may capture sensitive arguments if commands include user-provided parameters such as travel details or booking identifiers.

Missing User Warnings

Severity: Medium (97% confidence)
Finding
The runbook instructs the agent to append execution logs to a local file, creating persistent storage of request data and operational details without any warning, retention policy, or protection requirements. Persistent local logging increases the chance of unauthorized access, accidental leakage, or later misuse of sensitive travel and booking information.

VirusTotal

64/64 vendors flagged this skill as clean.
