student-deal

Security checks across malware telemetry and agentic risk

Overview

This travel-search skill is mostly purpose-aligned, but it tells agents to automatically install an unpinned global CLI and send travel details to an external service without a clear consent step.

Install only if you are comfortable using FlyAI/Fliggy for travel searches and manually approving any CLI installation first. Prefer an isolated or pinned install, and assume your trip details and search filters will be sent to the external travel provider.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The skill’s parameter-mapping section documents a `--back-date` flag even though that flag is not listed in the allowed parameters and the skill explicitly says to never invent CLI parameters. This inconsistency can cause an agent to generate unsupported commands, leading to failed executions or unsafe retries/fallback behavior based on nonexistent functionality.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs the agent to run `npm i -g @fly-ai/flyai-cli` automatically if the tool is missing, which modifies the host environment without explicit user consent. Automatically installing global packages from a skill expands the attack surface and can be abused to trigger unauthorized software installation or supply-chain exposure.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill directs the agent to send user travel queries through an external CLI/service and forbids answering without that path, but it provides no disclosure or consent step for external transmission. Travel searches can contain sensitive itinerary, location, and timing data, so silent forwarding to a third-party service creates a privacy and data-governance risk.

VirusTotal

65/65 vendors flagged this skill as clean.
