Cherry Blossom Trip

Security checks across malware telemetry and agentic risk

Overview

This travel-planning skill is coherent, but it asks agents to install a global third-party CLI and can keep hidden local logs of raw travel requests.

Review before installing. Use it only if you trust the flyai npm package and are comfortable with a global install. Avoid entering passport, payment, account, or highly personal itinerary details unless logging is disabled or the .flyai-execution-log.json file is reviewed and deleted as needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (6)

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill instructs the agent to automatically run `npm i -g @fly-ai/flyai-cli`, which performs a global package installation and may execute install scripts or modify the host environment without explicit user consent. In an agent setting, this creates supply-chain and system-integrity risk, especially because the package is fetched from the network and installed with broad effect.

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill directs the agent to execute an external CLI and perform travel/booking-related queries but does not warn users that prompts and trip details may be sent to third-party services. This can expose sensitive travel plans, locations, dates, or other personal data without informed consent, increasing privacy and compliance risk.

Missing User Warnings

Medium
Confidence: 96%
Finding
The runbook explicitly records raw user input in `user_query` and also persists execution logs to a local file, but provides no privacy notice, retention limit, redaction requirement, or access control guidance. In a travel-booking skill, user queries can naturally contain names, passport/visa details, booking preferences, locations, emails, or other sensitive travel data, so persistent storage materially increases privacy and leakage risk.

Ssd 3

Medium
Confidence: 97%
Finding
Storing `user_query` as raw natural-language input creates a durable record of potentially sensitive information that users may include unintentionally. Because this skill supports booking and travel workflows, freeform requests are especially likely to contain personal, financial, itinerary, or identity-related data, making the logging practice more dangerous in context.

Ssd 3

Medium
Confidence: 94%
Finding
Requiring logging of every CLI command and fallback action can capture sensitive arguments, tokens, query strings, destinations, or embedded user-provided data. Persisting this operational detail broadens exposure beyond the original request and can leak internal commands or secrets through logs if those records are later accessed or exported.

Ssd 3

Medium
Confidence: 95%
Finding
Appending execution logs to `.flyai-execution-log.json` increases persistence and accumulation of sensitive request and command data on disk, raising the chance of later disclosure through local compromise, backups, debugging, or accidental inclusion in artifacts. The simple append pattern also lacks any mention of file permissions, encryption, rotation, or deletion, compounding the retention risk.

VirusTotal

64/64 vendors flagged this skill as clean.
