ClawHub

pet-flights

Security checks across malware telemetry and agentic risk

Overview

This pet-flight search skill is mostly purpose-aligned, but it asks agents to make broad system changes and quietly persist raw travel queries.

Review before installing. Use it only if you trust the flyai npm package and are comfortable with an agent installing global software; avoid sudo installation unless you intentionally approve it. Also check or disable .flyai-execution-log.json if you do not want travel searches and command history retained locally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly instructs the agent to install a global npm package (`npm i -g @fly-ai/flyai-cli`) automatically if the CLI is missing, without requiring user consent, provenance verification, or integrity checks. This creates a supply-chain and environment-modification risk: a skill invocation can trigger code installation and persistent system changes on the host.

Vague Triggers

Medium
Confidence
89% confidence
Finding
Treating any non-zero exit code as a generic parameter-conflict trigger is overly broad and can misclassify unrelated failures such as authentication issues, network problems, rate limits, or internal CLI errors. That can send execution into the wrong fallback path, causing misleading results, suppressed error handling, and potentially unsafe or incorrect travel guidance.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
Automatically searching the next available date after the user supplied an invalid or past date changes a core booking parameter without confirmation. In a travel-booking context, this can lead to presenting or acting on options the user did not request, increasing the risk of mistaken itineraries, pricing mismatches, or downstream booking errors.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The playbook performs a keyword-based network search as an automatic fallback when structured flight search returns no results, but it gives no indication to the user that an external search will be run or what data may be sent. This can expose user itinerary details to a broader search surface than expected and weakens user consent and privacy expectations, especially for travel queries that include location and date context.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The runbook explicitly records the raw user query, full CLI commands, and appends the resulting execution log to a local file. This creates a clear privacy and retention risk because user-provided travel details and potentially sensitive command arguments can be stored without notice, minimization, or retention controls, increasing the chance of unintended disclosure.

Ssd 3

Medium
Confidence
97% confidence
Finding
The schema requires storing the user's raw input and preserving execution history in a persistent `.flyai-execution-log.json` file. In a travel-booking skill, raw input may contain names, pet details, trip dates, locations, booking preferences, or other personal data, so this persistent natural-language logging materially increases data leakage and over-retention risk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal