flight-tracker

Fail

Audited by Socket on Mar 1, 2026

1 alert found:

Malware: HIGH
SKILL.md

This skill's stated purpose (flight tracking) aligns with the capabilities and requirements documented: it needs an AviationStack API key and performs network requests to fetch flight data. The primary security issue is the documentation note that the free AviationStack tier may not use HTTPS — if implemented to use HTTP, the API key and flight queries would be transmitted in cleartext and vulnerable to interception. There are no signs of obfuscation, remote download-and-execute instructions, credential forwarding to unknown third parties, or other supply-chain indicators in the provided manifest. Overall: functionality is coherent with purpose, but using an API plan without HTTPS presents a medium-high security/privacy risk and implementers should ensure encrypted transport (upgrade plan or use a provider/endpoint supporting HTTPS), avoid logging secrets, and validate they call official AviationStack endpoints.

Confidence: 95%
Severity: 90%

Audit Metadata

Analyzed At: Mar 1, 2026, 05:15 AM
Package URL: pkg:socket/skills-sh/ThinkfleetAI%2Fthinkfleet-engine%2Fflight-tracker%2F@faf721bd69f27044c2062f845cd5495ed523bda0