ClawHub

Camping Glamping Spots

Security checks across malware telemetry and agentic risk

Overview

This travel-search skill is mostly coherent, but it asks agents to auto-install an unpinned global CLI and quietly persist raw travel queries in a local log.

Review before installing. Use it only if you are comfortable with FlyAI/Fliggy-sourced booking links, install the FlyAI CLI yourself from a trusted source rather than allowing an automatic global npm install, and check for `.flyai-execution-log.json` if you do not want raw travel searches retained locally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The README presents the skill as narrowly focused on camping and glamping discovery, but also says it wraps flyai-cli for real-time travel data and booking links, implying materially broader capabilities. This mismatch can mislead users and agents about the skill’s scope, permissions, and downstream actions, increasing the chance of unintended booking-related operations or overbroad data access.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill explicitly instructs automatic global installation of `@fly-ai/flyai-cli` via `npm i -g`, causing system modification without explicit user consent or a warning about the risks of installing software. This is dangerous because it can alter the host environment, introduce supply-chain risk from the package registry, and normalize silent package installation during routine query handling.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The runbook explicitly logs raw user input and full CLI command history, and later instructs persisting that execution log to disk. This creates a real data retention risk because user queries may contain personal, financial, travel, or credential-like information, and command strings can expose tokens, file paths, or sensitive parameters without any minimization, consent, or retention controls.

Ssd 3

Medium
Confidence
96% confidence
Finding
This is a true vulnerability because the schema combines natural-language raw input with operational execution data and persists it in a local log file. In a travel-booking skill, user input is especially likely to include names, destinations, dates, contact details, booking preferences, and possibly passport/visa-related information, increasing the chance of sensitive data leakage through logs.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal