ClawHub

birthday-trip

Security checks across malware telemetry and agentic risk

Overview

This birthday travel skill has a coherent purpose, but it should be reviewed because it can install a global CLI and persist local logs of travel searches without clear user control.

Review before installing. Only use this skill if you trust the external flyai CLI provider and are comfortable with a global npm install, networked travel searches, and local execution logs. Prefer requiring approval before installation and disabling or redacting `.flyai-execution-log.json` logging.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The skill explicitly instructs the agent to install a global npm package (`npm i -g @fly-ai/flyai-cli`) as part of normal operation, without user consent, sandboxing, version pinning, or integrity verification. This is dangerous because it permits environment modification and execution of third-party code from the network, which can lead to supply-chain compromise or unintended system changes on the host running the agent.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The runbook explicitly records raw user input, full CLI commands, timestamps, and execution details, and instructs persistence to a local log file. In a travel-booking skill, user queries and command arguments can contain personal data such as names, dates of birth, destinations, passport/visa details, and booking context, creating unnecessary retention and privacy exposure without any notice, minimization, or retention controls.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal