Explore Japan

Security checks across malware telemetry and agentic risk

Overview

This Japan travel skill matches its stated purpose, but it asks agents to install and run a global third-party CLI automatically and may save raw travel queries locally without clear user control.

Review before installing. Only use it if you are comfortable with a third-party travel CLI being installed and run. Require confirmation before any npm install or booking-related command, avoid entering passport or payment-sensitive details, verify visa requirements with official sources, and check for .flyai-execution-log.json if you do not want travel queries retained locally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Intent-Code Divergence

Medium, 92% confidence
Finding
The fallback explicitly instructs the agent to provide visa information from general domain knowledge when authoritative data is unavailable. In a travel-booking skill, visa guidance is safety- and compliance-relevant, and outdated or hallucinated advice can cause denied boarding, entry refusal, or legal/travel disruption for users who rely on the skill as Fliggy-powered assistance.

Vague Triggers

Medium, 89% confidence
Finding
The activation logic is broad enough to trigger on incidental mentions of Japan-related terms rather than clear travel-booking intent. In an agent context, overbroad activation can cause the skill to run unnecessary workflows, ask irrelevant follow-up questions, or initiate command-oriented behavior in contexts where the user did not request travel assistance.

Missing User Warnings

Medium, 97% confidence
Finding
The skill instructs the agent to install a global npm package automatically if the CLI is missing, which is a system-modifying action. Having an agent perform package installation without explicit user approval creates supply-chain and environment-integrity risk, especially because global installs can affect other tools and execute package lifecycle scripts.

Missing User Warnings

Medium, 98% confidence
Finding
The prerequisites section includes a global npm install command without any confirmation, sandboxing guidance, or warning that it changes the host environment. In agent-driven execution, this can normalize unsafe behavior and lead to unreviewed installation of third-party code on the user's machine.

Missing User Warnings

Medium, 99% confidence
Finding
The workflow makes automatic installation a mandatory fallback during execution, meaning a simple missing-command condition can cause the agent to modify the system and run third-party install scripts. This is more dangerous than a passive prerequisite because it operationalizes the install path and may happen without a meaningful user decision point.

Missing User Warnings

Medium, 94% confidence
Finding
The runbook instructs the agent to persist raw user queries, full CLI commands, timestamps, and execution history, and to append them to a local log file without any stated minimization, redaction, retention, or user consent controls. In a travel skill, user queries and commands may contain sensitive personal data such as names, destinations, booking details, visa information, or identifiers, creating unnecessary privacy exposure if logs are accessed, retained too long, or reused.

VirusTotal

64/64 vendors flagged this skill as clean.
