Plan Weekend Trips — Short Getaways, Weekend Flights, 2-Day Hotel Deals & Mini Vacations

Security checks across malware telemetry and agentic risk

Overview

This travel-planning skill is coherent, but it needs review because it can install a global CLI and store raw travel queries in a hidden local log.

Review before installing. Only use it if you are comfortable with a global npm package being installed, travel details being sent to flyai/Fliggy, and local execution logs potentially retaining raw prompts. Avoid entering passport, payment, identity, or highly sensitive itinerary details unless the publisher adds explicit consent, redaction, and retention controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (7)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly instructs the agent to install a global npm package if the CLI is missing, which modifies the host system without prior user confirmation. In an agent context, automatic package installation expands the attack surface to supply-chain compromise, unexpected privilege use, and persistence on the user's machine.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The prerequisites section normalizes a global npm install as part of ordinary skill use, without warning that it changes the system state. Even if intended as setup guidance, embedding this in a skill encourages agents to perform package installation automatically, which is risky in unattended or privileged environments.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
This workflow tells the agent to detect a missing binary and then automatically run `npm i -g @fly-ai/flyai-cli`, which is a direct system modification triggered by skill logic. In practice, this can lead to unauthorized software installation, supply-chain risk, and execution of unreviewed code, making it more dangerous than a passive prerequisite note.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The playbook directs the agent to send user travel parameters such as origin, destination, and dates to external flight, hotel, and POI search services, but it does not disclose that this data leaves the system or require user confirmation. In a travel-booking skill this is contextually expected, but the lack of transparency can still expose sensitive itinerary data and lead to privacy or consent issues.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The runbook explicitly stores `user_query` as raw input and records detailed CLI command execution metadata in an internal log. In a travel/booking skill, raw queries may contain names, dates, destinations, passport or visa details, contact information, and other sensitive travel data, so persistent internal logging without disclosure, minimization, or retention controls creates a real privacy and data-exposure risk.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The instructions direct the agent to append execution logs to `.flyai-execution-log.json`, creating a persistent artifact on the local system. Because the same runbook also includes raw user input and command details in that log, this persistence increases the chance of unintended disclosure to other local users, backup systems, support tooling, or later processes.

Ssd 3

Medium
Confidence
98% confidence
Finding
This runbook directs the agent to persist raw user input in an internal execution log, in both the logging schema and the persistence section. In this skill's context, users may provide highly sensitive travel and booking information, and the statement that the log is 'not shown to users' makes the practice more concerning because it implies hidden retention without transparency or informed consent.

VirusTotal

65/65 vendors flagged this skill as clean.
