afternoon-flight

Security checks across malware telemetry and agentic risk

Overview

This travel skill is not malicious, but it asks the agent to install and run a third-party flight CLI automatically while its triggers and privacy boundaries are too broad.

Install only if you trust the flyai/Fliggy CLI and are comfortable with your itinerary details being sent to that provider. Before first use, require manual approval for any npm install, prefer an isolated environment, and confirm the skill should run before it searches flights.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Intent-Code Divergence

Medium, 96% confidence
The skill explicitly states that only parameters listed in the Parameters table may be used, yet Playbook D invokes `--journey-type 1`, which is not documented there. This inconsistency can cause agents to execute unsupported or unintended CLI behavior, undermining the safety constraint against inventing flags and increasing the risk of command misuse or unexpected backend actions.

Vague Triggers

Medium, 90% confidence
The activation trigger includes the generic phrase `book a flight`, which is much broader than the skill's stated focus on afternoon flights. This can cause the skill to activate for unrelated flight-booking requests and take over conversations outside its intended scope, leading to incorrect tool execution and unnecessary external actions.

Vague Triggers

Medium, 87% confidence
The description advertises a wide range of travel services such as hotels, trains, visas, insurance, and car rental, while the body of the skill is specifically about afternoon flight search. This mismatch can mislead orchestrators or users into invoking the skill for unsupported actions, increasing the chance of improper tool use, confusion, or unsafe fallback behavior.

Missing User Warnings

High, 98% confidence
The skill instructs the agent to automatically run `npm i -g @fly-ai/flyai-cli` if the CLI is missing, without requiring user confirmation or presenting supply-chain risk warnings. Automatic global package installation is dangerous because it modifies the host environment, may execute install scripts, and could introduce malicious or compromised code into the system.

Vague Triggers

Medium, 93% confidence
The trigger phrases for the 'Cheapest Option' playbook include generic terms like 'cheap' and 'budget', which can easily appear in ordinary travel discussion without an explicit request to invoke a flight-search action. That can cause unintended tool execution and transmission of itinerary details to the external flight service based on conversational context rather than clear user consent.

Vague Triggers

Medium, 95% confidence
One-word triggers like 'fast' and 'quick' are highly ambiguous and likely to occur in normal conversation unrelated to route selection. In an agent setting, this can spuriously activate flight search behavior, producing incorrect actions or leaking trip parameters to an external provider without sufficiently clear user intent.

Vague Triggers

Medium, 89% confidence
The fallback condition '0 results from above playbooks' is underspecified because it does not define whether retries, user confirmation, or relevance checks are required before broadening the search. This can lead to unexpected secondary queries, including a looser keyword search, which expands data exposure and may return less controlled results than the original structured search.

Missing User Warnings

Low, 87% confidence
The playbook instructs the agent to send origin, destination, and travel date parameters to an external service without any notice, consent language, or privacy boundary. While these are typical travel-booking fields, they still constitute user itinerary data and their silent transmission creates a transparency and privacy issue.

VirusTotal

64/64 vendors flagged this skill as clean.
