ClawHub

Budget Trip Planner

Security checks across malware telemetry and agentic risk

Overview

This travel-planning skill is mostly coherent, but it can install and run an external CLI and quietly save raw travel requests to a local log file.

Review before installing. Use it only if you are comfortable installing a global third-party npm CLI and sending travel-search details through flyai/Fliggy. Consider disabling or deleting .flyai-execution-log.json, and avoid entering passport, payment, or other sensitive personal details unless you explicitly intend to share them with the travel provider.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Low
Confidence
89% confidence
Finding
The README explicitly states that the skill provides real-time travel data and booking links, which implies external network access and outbound link generation, but it does not warn users that invoking the skill may contact third-party services. In an agent/tooling context, this can reduce informed consent and make users unaware that queries may be sent to external providers or that generated links may lead to booking actions on third-party sites.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly instructs the agent to install and run a third-party CLI (`npm i -g @fly-ai/flyai-cli`) and to execute commands as a mandatory step, but it provides no user-facing warning or consent gate before modifying the host environment. This is dangerous because an agent could perform system changes or run untrusted tooling on behalf of the user without clear authorization, increasing supply-chain and local execution risk.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill advertises booking, reservation, visa, insurance, and car rental capabilities through an external provider, but does not warn users that fulfilling these requests may send travel details or other personal data to third-party services. This creates a privacy and transparency problem because users may unknowingly disclose itinerary, identity, or location-related information to external systems.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The runbook explicitly records `user_query` as raw input in an internal execution log, which can capture sensitive personal, financial, passport, visa, booking, or contact data commonly present in travel-planning requests. Because the skill supports booking-related workflows and the runbook states the log is not shown to users, this creates undisclosed retention of potentially sensitive data and increases privacy, compliance, and insider-access risk.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The runbook instructs appending execution logs to `.flyai-execution-log.json` whenever filesystem writes are available, creating persistent local storage of operational data without any warning, consent, retention policy, or safeguards. In a travel-booking context, those logs may include raw queries, commands, recovery steps, and metadata that can expose sensitive trip, identity, or payment-adjacent information if the host is shared, compromised, or improperly managed.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal