Security audit

Study Tour Guide

Security checks across malware telemetry and agentic risk

Overview

This travel-planning skill is provider-focused and mostly coherent, but it instructs agents to automatically install and run an unpinned global npm CLI without a clear approval step.

Install only if you trust the FlyAI CLI and are comfortable with a global npm package being added to your machine. Prefer manually reviewing and installing a pinned version in a sandbox or managed environment, and independently verify prices, availability, booking terms, and privacy implications before using the booking links.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill explicitly instructs the agent to install and run a global CLI and frames this as mandatory behavior, but provides no user-facing warning that this modifies the system and executes third-party code. In an agent setting, this can lead to unreviewed package installation and shell execution on the user's machine, expanding risk to supply-chain compromise or unintended system changes.

Missing User Warnings

Medium
Confidence: 96%
Finding
The prerequisites section contains a direct `npm i -g` command for global installation without any safety notice, approval gate, or discussion of trust boundaries. Because global npm installs run arbitrary package lifecycle scripts with broad effect on the host environment, this creates a meaningful execution and persistence risk if followed automatically by an agent or user.

Missing User Warnings

Medium
Confidence: 98%
Finding
The workflow makes environment checks and fallback installation mandatory, instructing the agent to execute `flyai --version` and then install the CLI if missing. This is dangerous because it operationalizes command execution and software installation as part of normal handling, with no warning, no consent checkpoint, and no restriction to a safe execution environment.

VirusTotal

66/66 vendors flagged this skill as clean.