Intelligent Hotel Lookup

Security checks across malware telemetry and agentic risk

Overview

This is a coherent hotel-search helper that uses a third-party FlyAI CLI and hands users off to booking pages without showing hidden payment, destructive, or data-exfiltration behavior.

Install only if you are comfortable using FlyAI/Fliggy for live hotel searches. Verify the npm CLI before global installation, keep any API key limited and out of logs, and treat returned booking links as handoff pages where you must re-check price, cancellation, room details, and payment terms before reserving.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The invocation patterns are broad enough to match many ordinary hotel-related requests, including generic 'search/find/compare/recommend/book hotel' phrasing, without strong scoping to this specific tool or platform. That increases the chance the skill is auto-selected in contexts where the user did not intend external hotel lookup or booking handoff, which can trigger unnecessary tool use, privacy exposure in outbound queries, or incorrect workflow routing.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal