Budget Hotel Finder

Security checks across malware telemetry and agentic risk

Overview

This hotel-search skill is mostly coherent, but it asks agents to install a global CLI automatically and to keep hidden local logs of raw travel requests.

Review before installing. Use this only if you are comfortable with an external global npm CLI and network-backed travel results, and disable or delete `.flyai-execution-log.json` if you do not want raw travel searches stored locally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill explicitly instructs the agent to install a global npm package automatically if the CLI is missing, which modifies the host environment without informed user consent. Running `npm i -g` introduces supply-chain risk, can execute package lifecycle scripts, and may require elevated privileges depending on the system configuration.

Missing User Warnings

Medium
Confidence: 96%
Finding
The prerequisites/workflow normalize global installation of `@fly-ai/flyai-cli` without warning about trust, permissions, or system modification. In an agent setting, this is dangerous because it encourages automatic execution of third-party package installation as part of normal task handling, increasing supply-chain and host-compromise risk.

Vague Triggers

Medium
Confidence: 92%
Finding
The trigger phrase "最便宜的住一晚" is broad natural language that could easily appear in ordinary travel conversations, increasing the chance this playbook is invoked unintentionally. In this skill, accidental activation would cause hotel-search behavior without sufficiently strong intent disambiguation, which can lead to incorrect tool use or unexpected travel actions if chained into a larger booking workflow.

Missing User Warnings

Medium
Confidence: 95%
Finding
The runbook explicitly records the raw user query in an internal execution log and states that the log is not shown to users. In a travel-booking skill, user queries can contain personal data such as names, destinations, dates, budgets, passport or visa details, making undisclosed collection and retention a real privacy and data-handling risk.

Missing User Warnings

Medium
Confidence: 97%
Finding
The runbook instructs appending execution logs to a local file, which creates persistent storage of potentially sensitive request data and command history without any accompanying notice or consent mechanism. Persistent local logs increase exposure through disk access, backup leakage, shared environments, or later exfiltration, especially when combined with the earlier instruction to store raw user queries.

VirusTotal

65/65 vendors flagged this skill as clean.
