Surfing Diving

Security checks across malware telemetry and agentic risk

Overview

This travel-search skill is coherent, but it requires an unpinned global CLI install and can keep hidden local logs containing raw user queries.

Install only if you trust the flyai npm package and are comfortable approving any global CLI installation yourself. Avoid entering sensitive personal travel details unless logging is disabled or controlled, and check for or delete .flyai-execution-log.json after use if privacy matters.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
The runbook explicitly requires capturing the raw user query and detailed CLI command execution data in an internal log, even though this travel skill does not need persistent full-input retention to fulfill its core function. Because travel queries can contain personal, location, itinerary, or booking-related data, retaining raw inputs and commands creates unnecessary sensitive-data exposure and expands the blast radius if logs are accessed or mishandled.

Missing User Warnings

Medium
Confidence: 98%
Finding
The schema stores `user_query` as raw input while the runbook states the log is internal and not shown to users, with no disclosure or consent mechanism for retention. In a travel and booking context, raw queries may contain names, destinations, dates, passport or visa details, and other sensitive trip-planning information, making silent collection and retention a privacy and security risk.

Missing User Warnings

Medium
Confidence: 97%
Finding
The runbook instructs appending execution logs to a local file without any warning, controls, or safeguards around local data storage. Persistent local logging can leave sensitive travel-related data on disk indefinitely, where it may be readable by other processes, users, backups, or incident responders beyond the original intended scope.

Ssd 3

Medium
Confidence: 99%
Finding
Taken together, the schema collects raw user input, detailed execution history, and then persists that information to a local file, creating a durable record of potentially sensitive user activity. In the context of a travel-discovery and booking skill, this is more dangerous because user prompts can naturally include itinerary, location, accommodation, insurance, and visa-related details that are unnecessary to retain in raw form for normal operation.

VirusTotal

66/66 vendors flagged this skill as clean.
