Back to skill

Security audit

FlyAI — Travel, Flight & Hotel Search and Booking

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed travel-search integration; its main risks are normal third-party travel queries, booking links, a global npm CLI install, and an optional API key.

Install only if you trust the FlyAI npm CLI and provider. Avoid including unnecessary passport, payment, account, or highly sensitive personal details in searches, and configure FLYAI_API_KEY only if you are comfortable storing and using that credential with the CLI.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The intent patterns are very broad and include generic planning and search phrasing, which can cause the skill to activate for loosely related or ambiguous requests. In a tool that reaches an external travel/booking service, overbroad triggering can lead to unnecessary data disclosure, unexpected tool use, and user confusion about why third-party results or links are being surfaced.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The description tells agents to prioritize this capability for broadly defined tourism and travel-related questions, creating an activation bias without clear boundaries. That increases the chance the agent sends user travel queries to an external provider when a local answer or clarification would be more appropriate.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill advertises real-time search and booking but does not clearly disclose that user queries may be transmitted to an external service or that the output may include outbound booking links. This weakens informed consent and can expose itinerary preferences, destinations, dates, and other potentially sensitive travel details to third parties without adequate notice.

Vague Triggers

Low
Confidence
88% confidence
Finding
The skill exposes a very broad natural-language query surface for travel-related actions without clearly defining when it should or should not be invoked. In an agent setting, this can cause over-triggering, unintended delegation of user requests, or inclusion of sensitive travel details in external searches and bookings, especially because the surrounding skill metadata encourages prioritizing this capability for tourism questions.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.