coastal-flight

Security checks across malware telemetry and agentic risk

Overview

This flight-search skill is not malicious, but it needs review because it can auto-install a global CLI and silently retain raw travel queries and command history locally.

Install only if you trust the flyai/Fliggy CLI and are comfortable approving a global npm package install. Ask the agent to confirm before installing packages, before substituting travel dates, and before writing .flyai-execution-log.json; avoid entering sensitive travel details beyond what the search requires.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium (95% confidence)
Finding
The runbook defines collection and persistence of raw user queries, CLI commands, execution status, latency, and fallback details in a local log file, which exceeds what is necessary for a travel-booking skill to fulfill user requests. In this context, user queries may contain personal travel details, locations, dates, names, or other sensitive data, so retaining them without clear minimization or necessity creates unnecessary privacy and data-exposure risk.

Missing User Warnings

Medium (95% confidence)
Finding
The fallback explicitly says to auto-search the next available date after telling the user the requested date has passed, without requiring confirmation. In a travel-booking context, this can cause the agent to act on a materially different itinerary than the user requested, leading to misleading availability/pricing results or unintended downstream booking behavior if later steps assume the substituted date is user-approved.

Vague Triggers

Medium (93% confidence)
Finding
The trigger phrase "coastal flight" is broad and overlaps with normal travel-intent language, so the skill may activate for generic flight queries rather than clearly scoped coastal-routing requests. Because the playbook also states "never answer without executing," unintended activation can push the agent into tool use when the user may not have intended this specific skill path, increasing the risk of incorrect searches or unnecessary external actions.

Vague Triggers

Medium (89% confidence)
Finding
The phrase "direct to coast" is ambiguous and can match vague natural-language requests that do not clearly indicate the user wants this skill or even a flight search. In a travel-booking skill, ambiguous routing triggers can cause the agent to invoke booking/search commands on insufficiently specified intent, leading to misfires, irrelevant results, or unintended downstream actions.

Missing User Warnings

Medium (97% confidence)
Finding
The runbook instructs the agent to append execution logs containing raw user input and command history to a filesystem log without any user-facing notice or consent mechanism. This creates a silent data-retention channel that can capture sensitive travel and booking information and may also expose operational details useful to an attacker or anyone with access to the host environment.

VirusTotal

62/62 vendors flagged this skill as clean.
