ClawHub

Flight Search

Security checks across malware telemetry and agentic risk

Overview

This is a coherent flight-search skill with disclosed installation and update behavior, but users should prefer normal package-manager installs over the README's pipe-to-bash option.

Install from sources you trust. Prefer uvx, uv, pipx, or pip instead of the README's curl-to-bash one-liner, and use flight-search --upgrade only when you intentionally want to update the installed package. Expect flight search details to be sent through the Google Flights scraping library.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
86% confidence
Finding
The CLI exposes self-upgrade/install-management behavior that is unrelated to the advertised flight-search function, expanding the skill's authority beyond user expectations. In an agent or plugin setting, this can cause the skill to modify the local environment by fetching and installing code, which is a meaningful supply-chain and integrity risk even when triggered explicitly.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The skill performs external package-management discovery and upgrade actions (uv, pipx, pip) that are not necessary to search flights. In security-sensitive agent environments, giving a content-retrieval skill the ability to inspect installers and install updated packages increases the chance of unintended environment modification and supply-chain exposure.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The README explicitly recommends a one-line installation command that fetches a remote script and immediately executes it with bash. This bypasses normal review of the downloaded content and creates a supply-chain execution path where a compromised repository, branch, CDN response, or network path could lead to arbitrary code execution on the user's machine.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal