"Find the cheapest flights between any two cities. Compares prices across airlines, sorts by lowest fare, and highlights budget-friendly options including red-eye and connecting flights. Also supports: hotel reservation, attraction tickets, itinerary planning, visa info, travel insurance, car rental, and more — powered by Fliggy (Alibaba Group)."

Security checks across malware telemetry and agentic risk

Overview

This Japan travel skill is useful, but it asks for broad runtime authority and under-discloses raw travel-query logging, so users should review it before installing.

Install only if you are comfortable using FlyAI/Fliggy-backed travel lookup commands. Do not allow npm, npx, or sudo installation steps unless you explicitly approve them, and avoid sharing unnecessary personal, payment, passport, loyalty-account, or private itinerary details because the skill's logging and retention behavior is not clearly scoped.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Natural-Language Policy Violations

Severity: Medium
Confidence: 91%
Finding:
The skill hardcodes Chinese-language output and branded closing text as a strict requirement, regardless of the user's language preference. This can override user intent and reduce transparency or usability, especially in multilingual agent environments where the assistant should preserve the user's chosen language unless explicitly requested otherwise.

Natural-Language Policy Violations

Severity: Medium
Confidence: 92%
Finding:
The skill content is written entirely in Chinese and prescribes Chinese-language prompts and user-facing responses without indicating any language negotiation or fallback. This can exclude users who do not read Chinese, cause misunderstanding of travel details, and increase the risk of incorrect booking-related decisions when dates, airports, or constraints are misinterpreted.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
The runbook explicitly records `user_query` as the raw original input, which can capture sensitive personal, financial, travel, or authentication-related data without any minimization, masking, or retention controls. Because this is a global logging contract and is described as applying to every skill invocation, it increases the chance of broad collection and later exposure of sensitive data through logs, debugging systems, or downstream observability tools.

VirusTotal

VirusTotal findings are pending for this skill version.
