Security audit

must-play-recommendations

Security checks across malware telemetry and agentic risk

Overview

This skill is a travel-attraction recommender that uses FlyAI, with no executable payload or hidden behavior, but users should know queries go to an external travel service.

Install only if you are comfortable with FlyAI/Feizhu receiving city and travel-search queries, and be careful not to include sensitive itinerary details unless needed. If you configure a FlyAI API key, treat it as a credential you may need to rotate later. The bundled FlyAI reference includes broader travel commands, so use this skill for attraction recommendations rather than booking, flight, hotel, or account-related actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Description-Behavior Mismatch

Medium (93% confidence)
The README positions the skill around a general-purpose travel CLI whose documented capabilities include flights, hotels, trains, and packages, while the declared skill purpose is only scenic-spot recommendations. This creates dangerous scope drift: an agent integrating this skill could invoke unrelated commerce or itinerary functions beyond user intent, increasing the chance of unauthorized data handling or unintended booking-oriented behavior.

Context-Inappropriate Capability

Medium (96% confidence)
The command overview explicitly advertises flight, hotel, train, and Marriott/package search features that are unnecessary for a city-attractions recommendation skill. In an agent setting, overbroad documented capability is itself risky because tool-selection logic may treat these functions as permitted and start processing unrelated user requests or collecting extra travel data.

Context-Inappropriate Capability

Medium (94% confidence)
The keyword-search section encourages queries for visas, insurance, SIM cards, cruises, dining, and group tours, all outside the stated attraction-recommendation role. This broadens the possible data sent to the remote service and raises the chance that the skill is used for undeclared verticals, including potentially sensitive travel-planning contexts.

Context-Inappropriate Capability

Medium (92% confidence)
The ai-search documentation states that it can combine flights and hotels and handle detailed itinerary intent, which materially exceeds the skill's declared role. Because AI-search returns free-form text rather than a constrained schema, it also increases the risk of unconstrained output and hidden expansion into booking or itinerary assistance not expected by users.

Vague Triggers

Medium (89% confidence)
The documented trigger phrases are broad, high-frequency travel queries such as '有什么好玩' and '去哪玩', which can cause the skill to activate in many ordinary conversations beyond clear user intent to invoke this specific tool. In this skill's context, over-triggering is more dangerous because activation leads to external data retrieval, increasing the chance of unintended data sharing and incorrect or intrusive responses.

Missing User Warnings

Low (82% confidence)
The README says the skill uses FlyAI CLI and multiple external data sources to fetch attraction information, but it does not warn that the user's city query will be sent to third-party services. While a city name is usually low-sensitivity data, undisclosed outbound transmission reduces transparency and can create privacy/compliance issues, especially if queries contain more detailed itinerary or location context.

Vague Triggers

Medium (89% confidence)
Several triggers such as '玩什么', '去哪玩', and '旅游推荐' are broad enough to match ordinary conversation, which can cause unintended invocation of the skill. Over-broad activation can leak user context into external CLI searches or cause the assistant to take actions the user did not clearly request, increasing privacy and prompt-routing risk.

Missing User Warnings

Low (82% confidence)
The README describes configuring an API key and sending travel queries to FlyAI without any disclosure that user prompts and related travel details may be transmitted to a third-party service. In a consumer travel context, queries can reveal location, schedule, preferences, and family plans, so lack of transparency is a meaningful privacy weakness.

Vague Triggers

Medium (93% confidence)
The trigger list includes very generic phrases such as '玩什么' and '去哪玩', which are likely to appear in ordinary travel conversations and can cause the skill to activate when the user did not explicitly request this specific tool. Unintended invocation can lead to incorrect routing, unnecessary external queries, and reduced user control over when the skill uses its travel recommendation capabilities.

VirusTotal

56/56 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.