ClawHub

Explore Yunnan

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Yunnan travel-search skill, but it can install and run a global travel CLI and silently persist raw travel queries locally.

Review before installing. Use only if you are comfortable with a global npm CLI install, live travel lookups through flyai/Fliggy, and possible local logging of your travel prompts. Avoid entering passport, payment, account, or other sensitive booking details, and delete `.flyai-execution-log.json` if you do not want retained local history.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger phrase "Yunnan trip" is broad and likely to appear in normal travel-related conversation, which can cause the playbook to activate unintentionally. In a skill that can book flights, hotels, and tickets, accidental invocation may lead to undesired transactional flows or inappropriate tool use rather than merely returning informational content.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger phrase "Dali and Lijiang" lacks specificity and can easily match ordinary user discussion about destinations instead of an explicit request to run this playbook. Because the skill supports reservations and ticketing, this increases the risk of unintended execution paths and incorrect parameter mapping into booking or itinerary actions.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The phrase "tropical Yunnan" is an overly broad descriptive expression that may occur in general travel queries, making unintended activation plausible. The surrounding instruction that the agent should "never answer without executing" raises risk further, because benign discussion could be converted into action-oriented workflow execution without sufficient user intent verification.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The runbook explicitly records `user_query` as raw input in an internal execution log, which can capture personal data, credentials, payment details, passport information, or other sensitive travel-booking content. Because the same document also defines persistence of this log to disk, this creates an unnecessary data-retention and privacy exposure without notice, minimization, or access controls.

Missing User Warnings

Low
Confidence
90% confidence
Finding
The runbook instructs appending execution logs to a local file whenever file-system writes are available, but provides no warning, consent, retention policy, or safeguards around those writes. This increases the chance that sensitive operational and user-derived data is silently accumulated on disk where other local users, processes, backups, or support workflows may access it.

Ssd 3

Medium
Confidence
97% confidence
Finding
Taken together, the schema stores raw `user_query` and operational metadata, then persists the generated JSON to `.flyai-execution-log.json`. In a travel skill context, user queries may include highly sensitive itinerary, identity, visa, insurance, and booking details, so local persistence materially increases privacy, compliance, and secondary-exposure risks.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal