"Find hotels closest to a specific attraction, landmark, or scenic spot. Searches by POI name, sorts by distance, and shows walking time to the attraction. Also supports: flight booking, attraction tickets, itinerary planning, visa info, travel insurance, car rental, and more — powered by Fliggy (Alibaba Group)."

Security checks across malware telemetry and agentic risk

Overview

This travel-search skill appears purpose-aligned, but users should know it relies on an external FlyAI/Fliggy CLI and has a rigid hotel-sorting preference.

Before installing, confirm you are comfortable installing and running the FlyAI CLI and sending travel search details such as destination, dates, and POIs to FlyAI/Fliggy. When using it, explicitly state sorting preferences like cheapest, highest-rated, or nearest, and do not let the skill override those preferences.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium, 91% confidence
Finding
The skill directs the agent to install and run an external CLI that performs hotel and POI searches, which necessarily implies outbound network access and transmission of user-supplied travel data such as destination, dates, and points of interest. Because the skill provides no warning, consent step, or data-handling disclosure, an agent could send user data to a third-party service without the user's awareness.

Natural-Language Policy Violations

Medium, 86% confidence
Finding
The skill hard-codes distance-first sorting as the default and states that it should always be prioritized, which can override a user's actual preference for price, rating, or other criteria. This is primarily a user-autonomy and policy-manipulation issue rather than a direct security exploit, but it can still mislead the agent into acting contrary to user intent.

Natural-Language Policy Violations

Medium, 88% confidence
Finding
The prohibition on any sort order other than distance_asc explicitly prevents the agent from accommodating user choice through natural-language instructions. In context this is not overtly malicious, but it is a restrictive behavioral constraint that can cause the agent to ignore legitimate user preferences and produce biased results.

VirusTotal

51/51 vendors flagged this skill as clean.
