Is kevinjinko/jinko-flight-search safe?
https://github.com/openclaw/skills/tree/main/skills/kevinjinko/jinko-flight-search
The jinko-flight-search skill is a clean, code-free MCP integration skill containing only a SKILL.md instruction file and metadata. No prompt injection, hidden directives, executable code, git hooks, or active exfiltration attempts were detected. The sole material concern is a privacy consideration: by design, all user flight and destination queries are transmitted to the third-party mcp.gojinko.com server, which is disclosed in the skill description. Canary files were accessed only by the oathe monitoring framework during pre- and post-install integrity checks, not by any skill code.
Findings (3)
LOW: User Travel Data Routed Through Third-Party Commercial MCP Server (-10)
Every flight search and destination discovery request made by the agent will transmit user-supplied data — including origin airports, destination criteria, travel dates, trip budgets, and cabin class preferences — to the Jinko MCP server at mcp.gojinko.com. This is the intended design and is disclosed in the skill frontmatter, but users may not realize the full scope of data leaving the local context. The server operator can log, analyze, or correlate all travel queries.
INFO: Persistent Re-call Nudge for External API (-5)
The skill instructs the agent to re-call find_destination not only when search criteria change but 'especially when they are already viewing the widget in fullscreen.' This phrase subtly encourages repeated API calls to the Jinko service beyond what the user explicitly requests. This is most likely a UX optimization for an embedded Jinko flight widget, but it does increase the volume of user data sent to the external server.
INFO: GitHub Network Connection During Install (Expected) (-8)
The oathe install framework performed a sparse git clone from github.com (140.82.121.3:443) to fetch the skill files. This is the expected install mechanism and is not attributable to any code within the skill itself. No connections were made to mcp.gojinko.com or any other endpoint during the static install phase.