ClawHub

Weekend Flights

Security checks across malware telemetry and agentic risk

Overview

The skill appears travel-focused, but it should be reviewed because it can automatically install an unpinned global CLI and send travel searches to an external provider.

Install only if you trust the flyai npm package and the Fliggy/FlyAI service. Prefer requiring explicit confirmation before npm install or external searches, and avoid sharing unnecessary personal travel details; I found no artifact evidence of malicious, destructive, or hidden credential behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
85% confidence
Finding
The manifest and description significantly broaden the skill's advertised scope from weekend-flight search to booking, hotels, trains, visas, insurance, and more, but this file only documents flight-search behavior. This mismatch can mislead an agent into invoking the skill for unrelated travel tasks, increasing the chance of improper tool use, unexpected external actions, and accidental transmission of user travel data to a third-party service.

Vague Triggers

Medium
Confidence
72% confidence
Finding
The activation phrases are broad enough to catch common travel-planning requests that may not be intended for this narrow weekend-flight workflow. Overbroad triggering can cause the agent to invoke external CLI commands prematurely, collect more user data than necessary, or route users into the wrong tool path.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill advertises booking and reservation capabilities powered by an external provider without clearly warning that user queries and itinerary details may be transmitted to third-party services. This creates a privacy and consent risk, especially if an agent uses the skill automatically on behalf of the user.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal