40Medium
The skill contains suspicious base64-encoded blobs that may represent a hidden payload, posing a potential security risk despite the lack of a specified license.
Skill Info
Nameopenweb-org/openweb/google-flights
Registrygithub
Version04c01578ff2e
PURLpkg:github/openweb-org/openweb@04c01578ff2e?skill=google-flights
Stars9
Source
Install
This skill has findings worth reviewing before installing.
GitHub
Skills.shDocs
npx skills add https://github.com/openweb-org/openwebAssessments (2)
AI Agent Traps ↗Long base64-encoded blob detected (potential hidden payload)mediumobfuscationAML.T0068AML.T0015LLM01:2025
Long base64-encoded blob detected (potential hidden payload) (seen 2 times in this file at lines 40, 46)
100% confidenceline 40
CBwQAhopEgoyMDI2LTA0LTMwagwIAhIIL20vMGZ2eWdyDQgDEgkvbS8wMl8yODYaKRIKMjAyNi0wNS0wNGoNCAMSCS9tLzAyXzI4NnIMCAISCC9tLzBmdnlnQAFIAXABggELCP
Missing licenseinfopolicy violation
Skill does not specify a license field. Specifying a license helps users understand usage terms.
100% confidence
Badge
Markdown
[](https://mondoo.com/ai-agent-security/skills/github/openweb-org/openweb/google-flights)HTML
<a href="https://mondoo.com/ai-agent-security/skills/github/openweb-org/openweb/google-flights"><img src="https://mondoo.com/ai-agent-security/api/badge/github/openweb-org/openweb/google-flights.svg" alt="Mondoo Skill Check" /></a>Image URL
https://mondoo.com/ai-agent-security/api/badge/github/openweb-org/openweb/google-flights.svgSecure your AI agents
Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.
- Continuous scanning of skills across all registries
- Policy enforcement before skills reach your agents
- Integration with your existing security workflow