Security audit

nightlife-trip

Security checks across malware telemetry and agentic risk

Overview

This looks like a real travel-search helper, but it needs review because it tells agents to install an unpinned global npm CLI without a consent step, and its command guidance is overbroad and internally inconsistent.

Install only if you are comfortable with an agent using flyai for live travel searches and sending travel-query details to that service. Do not allow the skill to install @fly-ai/flyai-cli globally unless you explicitly approve the persistent system change and have verified the package source; an isolated or user-local install would reduce risk.

SkillSpector (by NVIDIA)

Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence

Severity: Medium
Confidence: 95%
Finding:
The skill states that agents must only use parameters listed in the Parameters Table, but later examples and playbooks introduce undeclared flags. This creates contradictory execution guidance that can cause agents to issue unsupported or unintended CLI commands, weakening guardrails and increasing the chance of unsafe behavior or malformed command execution.

Intent-Code Divergence

Severity: Medium
Confidence: 98%
Finding:
The Domain Knowledge section instructs the agent to map user requests to flags such as `--dep-hour-start` and `--dep-hour-end`, even though the skill explicitly says undeclared flags must never be invented or used. Such internal contradictions are dangerous because they encourage policy bypass and make command construction ambiguous, which can lead to erroneous or unauthorized CLI usage.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding:
Including a broad trigger like "plan a trip" makes this skill likely to activate for many ordinary travel requests outside its stated nightlife niche. Overbroad activation can route unrelated prompts into a workflow that executes external commands and enforces rigid behavior, expanding the attack surface and increasing the chance of unintended tool use.

Missing User Warnings

Severity: High
Confidence: 99%
Finding:
The skill instructs the agent to install `flyai-cli` if it is missing, without requiring user consent or warning that the action modifies the host environment. Silent package installation is dangerous because it changes system state, may introduce supply-chain risk, and can violate least-privilege expectations for a simple user query.

Missing User Warnings

Severity: High
Confidence: 99%
Finding:
The explicit command `npm i -g @fly-ai/flyai-cli` performs a global installation, modifying the environment for all users and processes, yet the skill provides no consent flow or safety notice. This is especially risky in agent contexts because a benign travel request could trigger privileged system changes and exposure to unreviewed third-party code.

VirusTotal

65/65 vendors flagged this skill as clean.