ClawHub

ClawFlight

Security checks across malware telemetry and agentic risk

Overview

ClawFlight behaves like a flight-search helper and its sensitive behaviors are mostly disclosed, but users should understand it uses travel APIs and can save trip-related data locally.

Install only if you are comfortable using a dedicated Amadeus API key, sending flight searches to Amadeus and booking providers, and keeping local saved-flight, rating, and token-cache files private. The Kiwi key instruction appears unnecessary for this version.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill documentation instructs users to set environment variables for API credentials and indicates the skill uses them, but the skill does not declare corresponding permissions or clearly bound access. In an agent ecosystem, undeclared environment access weakens trust and reviewability because the skill may read secrets beyond what users expect.

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
The skill claims to be a flight-search tool, but the documented behavior includes persistent local storage of saved flights, user ratings, and cached OAuth tokens. That mismatch is security-relevant because users and reviewers may authorize a simple search skill without realizing it retains travel history, community submissions, and authentication artifacts on disk.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The invocation description is broad enough that the skill could activate for ordinary flight-search requests, not just requests where onboard WiFi or Starlink is relevant. Over-broad triggering can cause unnecessary sharing of travel queries with this skill, expose users to affiliate-biased results, and bypass a user's expectation that a general travel tool would be used instead.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The conversation example shows the skill being used for a generic request for a flight from Bangkok to London, even though the skill is specialized for Starlink-equipped flights. This increases the chance of silent activation outside its intended scope, leading to filtered or commercially influenced results when the user did not ask for WiFi-focused recommendations.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The description says users can submit WiFi ratings, but it does not clearly warn that those ratings are stored persistently in a community database. This is a transparency and privacy issue because users may contribute feedback without understanding retention, sharing, or whether associated flight or airline data can be linked back to them.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal