Explore Usa

Security checks across malware telemetry and agentic risk

Overview

This travel skill is not clearly malicious, but it deserves Review because it can install a global third-party CLI and persist raw travel queries locally without clear user control.

Install only if you trust the FlyAI CLI and are comfortable with a global npm package being installed and travel search details being sent to FlyAI/Fliggy. Before use, disable or delete the .flyai-execution-log.json behavior, avoid entering passport, payment, or highly personal itinerary details, and verify visa requirements with official government or consulate sources.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
The fallback explicitly instructs the agent to provide visa information from generic domain knowledge when authoritative data is unavailable. In a travel-booking skill, visa requirements are highly time-sensitive and jurisdiction-specific, so presenting model-generated guidance can mislead users into relying on outdated or incorrect entry rules, potentially causing denied boarding, refused entry, or legal/compliance issues.

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
The runbook explicitly records the raw user query in an internal execution log, which can capture sensitive travel details, personal identifiers, or payment-related context without any demonstrated necessity for fulfilling the travel-planning function. Because the log is intended for internal retention and may later be persisted, this creates unnecessary data collection and privacy exposure beyond the skill's stated purpose.

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
The runbook instructs persistent file-based logging of execution data to a local JSON file, which introduces durable storage of potentially sensitive operational and user-derived data unrelated to core travel assistance. Persistent local logs increase the risk of unauthorized access, accidental disclosure, and long-term retention without clear justification or safeguards.

Missing User Warnings

Medium
Confidence: 90%
Finding
The README states that the skill provides real-time travel data and booking links via an external CLI, but it does not clearly disclose that user travel queries and related trip details may be transmitted to a third-party service. In a travel-booking context, users may share sensitive itinerary, location, date, and possibly personal booking information, so lack of transparency increases privacy and data-handling risk.

Vague Triggers

Medium
Confidence: 95%
Finding
The activation keywords are broad enough to trigger on ordinary discussion about the USA, New York, Los Angeles, or San Francisco, causing the skill to take over when the user may not be requesting booking or itinerary actions. In this skill, accidental activation is more dangerous because it pushes the agent into mandatory CLI installation and execution behavior, which can lead to unnecessary command execution and a poorer security boundary around user intent.

Missing User Warnings

Medium
Confidence: 95%
Finding
The schema directs the agent to retain raw user input internally but provides no user-facing notice that their full query may be stored. In a travel skill, user prompts may include names, destinations, dates, passport or visa context, and other sensitive trip data, so undisclosed retention meaningfully increases privacy risk.

Missing User Warnings

Medium
Confidence: 96%
Finding
The runbook prescribes writing execution logs to disk without any warning that user-related execution data may be stored locally. Silent persistence undermines user expectations and can expose data to other local processes, operators, or future reuse, especially where travel workflows may involve sensitive personal and booking information.

Ssd 3

Medium
Confidence: 97%
Finding
Taken together, the runbook instructs the agent to retain raw user input and persist execution details in an internal log, creating unnecessary storage of sensitive data beyond the travel assistant's functional needs. The skill context makes this more dangerous because travel interactions commonly contain personally identifiable and itinerary data that could be abused if retained or exposed.

VirusTotal

66/66 vendors flagged this skill as clean.
