ClawHub

Fly Flight

Security checks across malware telemetry and agentic risk

Overview

This travel lookup skill has a clear purpose, but it uses unsafe parsing and weakened HTTPS checks that users should review before installing.

Install only if you are comfortable sending itinerary details to Tongcheng and 12306 and accepting the current implementation risks. Prefer a version that removes eval-based parsing and restores normal HTTPS certificate verification before using it for routine travel searches.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
99% confidence
Finding
The code sets `DEFAULT_SSL_CONTEXT = ssl._create_unverified_context()` and uses it for all HTTPS requests, disabling certificate validation globally for this provider. That allows a man-in-the-middle attacker on the network path to intercept or modify train schedule and fare responses from 12306 endpoints, undermining integrity and confidentiality of request metadata. In a public transport query skill this is not necessary, so the context makes the issue more dangerous rather than less justified.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
The script extracts a `window.__NUXT__` payload from arbitrary HTML and executes it with `eval`, which allows any JavaScript embedded in that payload to run with the privileges of the local Node.js process. In this skill context, the HTML likely comes from open web sources, so a compromised upstream site, MITM, or malformed response could trigger arbitrary code execution, making this significantly more dangerous than a purely local trusted-data parser.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
Because outbound HTTPS requests are made with certificate verification disabled and there is no warning to users or callers, consumers of the skill may assume results come authentically from 12306 when they do not. An attacker able to intercept traffic could silently alter route, schedule, availability, or pricing data, and the lack of disclosure increases the chance that downstream systems trust tampered results.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal