Southeast Asia

Security checks across malware telemetry and agentic risk

Overview

This is a coherent travel-booking skill, but it can install and run an external global CLI and keep hidden local logs of raw travel queries.

Install only if you are comfortable with a third-party FlyAI CLI being installed globally and used for travel searches. Review the CLI source or package, approve installs manually, avoid entering passport or sensitive identity details, verify visa rules with official government sources, and delete or disable `.flyai-execution-log.json` if you do not want travel queries stored locally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence: 90%
Finding
The fallback explicitly tells the agent to provide visa information from unspecified 'domain knowledge' when authoritative live data is unavailable. Visa and entry rules change frequently, so presenting non-sourced information in a travel-booking skill can mislead users into relying on outdated or incorrect legal/travel requirements, causing denied boarding, refused entry, or compliance issues.

Vague Triggers

Medium
Confidence: 88%
Finding
The activation triggers are broad enough that ordinary mentions of country names can invoke this skill even when the user did not request travel assistance. Because the skill is instruction-heavy and can install software or send queries to an external CLI, over-activation increases the chance of unintended command execution, unnecessary external data disclosure, and user confusion.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill instructs the agent to automatically install `@fly-ai/flyai-cli` via `npm i -g` if the binary is missing, but the description does not warn users that software may be installed on their machine. Silent or unexpected package installation is risky because it changes the local environment, may require elevated privileges, and introduces supply-chain exposure without informed consent.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill requires all travel responses to come from the `flyai` CLI, which implies user queries and travel parameters may be transmitted to an external service for processing. Without a privacy notice, users may unknowingly expose itinerary, location, or booking-related data to a third party, creating avoidable privacy and compliance risk.

Missing User Warnings

Medium
Confidence: 95%
Finding
The runbook explicitly records the raw user query and appends execution logs to a local file, while also stating that the log is not shown to users. In a travel-booking skill, user queries may contain personal data such as names, destinations, dates, passport or visa details, and preferences, so storing raw input without disclosure, minimization, or retention controls creates a meaningful privacy and data-handling risk.

VirusTotal

66/66 vendors flagged this skill as clean.
