Back to skill

Security audit

Quick Getaway

Security checks across malware telemetry and agentic risk

Overview

This travel-planning skill mostly matches its purpose, but it can automatically install a global CLI and persist raw trip requests in a local log.

Review before installing. Use it only if you trust the flyai CLI and are comfortable with live travel queries going through that provider. Do not allow automatic global npm installation without explicit approval, and disable or regularly delete `.flyai-execution-log.json` because it may contain personal travel details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill explicitly instructs the agent to act as a CLI executor and to install and run software if the required tool is missing, but it provides no user-facing warning, consent step, or sandboxing requirement. In an agent context, this can lead to unreviewed shell execution and system modification on the host machine, which is risky even if the intended package is legitimate.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The prerequisite section includes a global npm install command, and the workflow later repeats automatic installation behavior without any safety notice or confirmation requirement. Global package installation changes the host environment and introduces supply-chain and arbitrary code execution risk if performed automatically by an agent.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The runbook explicitly records the raw user query in the execution log schema and then appends the generated log JSON to a local file, which can persist sensitive travel data without user notice or consent. In this skill context, user queries may contain personal details such as names, destinations, dates, passport or visa-related information, making unminimized logging a meaningful privacy and data-retention risk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.