Couple Romantic Stay

Security checks across malware telemetry and agentic risk

Overview

This is a coherent travel-search skill, but it automatically installs a global CLI and keeps hidden local logs of raw travel queries.

Install only if you trust the flyai CLI and are comfortable with global npm package installation. Before use, require manual approval for any install command, prefer an isolated environment, and delete or disable .flyai-execution-log.json because it may contain private travel plans and free-form user queries.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The runbook explicitly captures raw user queries and full CLI commands in an internal execution log, which can include sensitive travel details, personal preferences, and potentially tokens or identifiers passed on the command line. For a romantic-travel booking skill, retaining this level of operational telemetry is not clearly necessary and creates unnecessary privacy and data-exposure risk if logs are accessed, reused, or mishandled.

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
The runbook instructs the agent to append execution logs to a local file when filesystem writes are available, creating persistent storage of potentially sensitive interaction data. Persistence increases the blast radius of any accidental exposure because data remains after execution and may be readable by other processes, users, or future runs.

Missing User Warnings

Medium
Confidence: 98%
Finding
The skill explicitly instructs the agent to install a global npm package if the CLI is missing, which modifies the host environment without an explicit user approval step or safety warning. In an agent context, this can lead to unintended system changes, supply-chain exposure from third-party package installation, and execution of install-time scripts on the user's machine.

Missing User Warnings

Medium
Confidence: 91%
Finding
The schema requires logging raw user input but provides no privacy notice, consent mechanism, or guidance on handling sensitive content. In this skill's context, user queries may contain intimate travel preferences, companion details, dates, destinations, and other personal data, so silent collection materially increases privacy risk.

Missing User Warnings

Medium
Confidence: 92%
Finding
The runbook describes writing execution logs to a local file without any user-facing disclosure that their interaction data may be stored beyond the current session. Undisclosed persistence is especially problematic in a romantic-stay skill because queries may reveal relationship status, travel plans, and other sensitive personal context.

VirusTotal

61/61 vendors flagged this skill as clean.
