Back to skill

Security audit

Onsen Hotel

Security checks across malware telemetry and agentic risk

Overview

This travel-booking skill is coherent, but it can install a global CLI automatically and keeps hidden local logs containing raw user queries.

Review before installing. Use only if you trust the flyai CLI package and can approve or perform installation yourself. Avoid entering passport numbers, payment details, booking references, or other highly sensitive information, and check for or delete `.flyai-execution-log.json` after use if logs are created.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The runbook explicitly defines an internal log schema that stores the raw user query along with timestamps, request IDs, command history, and other execution metadata. In a travel-booking skill, raw input may contain sensitive personal or travel-related data, so retaining it without minimization, consent, or disclosure creates a real privacy and data-retention risk if logs are accessed, copied, or mishandled.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The instructions tell the agent to append execution logs to a local file, which creates persistent storage of potentially sensitive request data and operational metadata. Because the same runbook also includes raw user queries in the log structure, this persistence materially increases exposure through local file access, accidental inclusion in artifacts, backups, or later exfiltration.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.