christmas-flight

Security checks across malware telemetry and agentic risk

Overview

This flight-booking skill is mostly coherent, but it can install a global third-party CLI and send travel details to an external service without clear user approval.

Review before installing. Use only if you are comfortable with an agent invoking the flyai travel CLI, sharing itinerary details with that service, and potentially installing @fly-ai/flyai-cli globally. Require explicit approval before package installation or booking-related actions, and prefer a pinned or sandboxed CLI setup.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence

Medium
Confidence: 89%
Finding
The skill explicitly says agents must never invent CLI parameters, yet one playbook later uses `--journey-type 1`, which is not listed in the allowed parameters. This inconsistency can cause agents to run unsupported commands, fail unpredictably, or rely on undocumented behavior from an external CLI, undermining the safety constraint the skill claims to enforce.

Vague Triggers

Medium
Confidence: 87%
Finding
Including the trigger phrase `book a flight` is overly broad and overlaps with ordinary flight-booking requests, not just Christmas or holiday travel. This can cause the skill to activate outside its intended scope and push users into the mandated CLI execution path, including external data queries and possible tool installation, when a narrower skill or safer response path would be more appropriate.

Vague Triggers

Medium
Confidence: 85%
Finding
The Chinese trigger `订机票` is a generic 'book a flight' request and does not imply Christmas or holiday travel. This broad matching increases the chance of unintended activation and unnecessary routing into external CLI-based workflows that may collect travel details or modify the environment.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill instructs the agent to install a global package with `npm i -g @fly-ai/flyai-cli` if the tool is missing, without any user confirmation or warning that the system will be modified. Allowing a skill to trigger package installation expands the attack surface significantly because it permits arbitrary code from an external registry to be fetched and executed in the user's environment.

Missing User Warnings

Medium
Confidence: 80%
Finding
The skill requires live CLI queries for travel search and booking-oriented output, which implies sending user itinerary details to an external service, but it provides no privacy notice or consent flow. Users may unknowingly disclose origin, destination, and travel dates to a third-party provider, creating avoidable privacy and compliance risk.

VirusTotal

64/64 vendors flagged this skill as clean.
