Concert Event Tickets

Security checks across malware telemetry and agentic risk

Overview

This skill provides event-ticket lookup through a FlyAI CLI, but it needs review because it can auto-install a global npm package and silently persist raw user queries locally.

Review before installing. Only use this skill if you trust the FlyAI npm package source, deliberately approve any global CLI installation, and are comfortable with travel or ticket searches being sent through that provider. Consider disabling or deleting .flyai-execution-log.json if you do not want raw queries and command history retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 98%
Finding
The skill instructs the agent to automatically install a global npm package (`npm i -g @fly-ai/flyai-cli`) without prior user consent or a warning that this modifies the host environment. Automatic package installation introduces supply-chain and environment-integrity risk, especially because it executes code from an external registry with persistent system-wide effects.

Missing User Warnings

Medium
Confidence: 98%
Finding
The prerequisites section directs a global npm install but omits any warning about host modification or the risks of fetching and executing third-party code. In an agent setting, such instructions can cause silent persistence-affecting changes on the user's machine without informed consent.

Missing User Warnings

Medium
Confidence: 99%
Finding
The fallback path is more dangerous because it operationalizes automatic remediation: after a failed command check it installs software, again without user confirmation. This creates a realistic avenue for unintended system changes and supply-chain exposure during normal skill execution, which makes it a greater risk than a passive prerequisite note.

VirusTotal

58/58 vendors flagged this skill as clean.
