Travel Personality Test

Security checks across malware telemetry and agentic risk

Overview

This travel quiz is mostly coherent, but it can automatically install and use an external FlyAI dependency without clear user approval.

Install only if you are comfortable with a travel quiz using FlyAI for live recommendations. Require explicit approval before any `clawhub skill install flyai` action, review the FlyAI dependency separately, prefer the local `cities.md` fallback when you do not want external queries, and keep any FlyAI API key in a proper secret store rather than pasting it into chat or shell history.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (10)

Description-Behavior Mismatch

Severity: Medium
Confidence: 94%
Finding
The skill is presented as a lightweight travel personality test, but it instructs the agent to install and invoke an external tool for live travel data. That materially expands capability beyond the declared function and can surprise operators or users, increasing the risk of unauthorized network access, tool execution, and data handling.

Context-Inappropriate Capability

Severity: High
Confidence: 99%
Finding
The skill directs automatic shell execution to check for and install `flyai`, modifying the runtime environment without explicit approval. Any skill that can trigger package or skill installation creates a strong supply-chain and privilege-boundary risk, especially in a context that should only ask quiz questions and return recommendations.

Context-Inappropriate Capability

Severity: Medium
Confidence: 90%
Finding
The skill expands into real-time flight, hotel, and trend lookup, which is a materially different operational capability from a personality quiz. This increases the attack surface by introducing external calls, possible user-data transmission, and transactional-style outputs that were not clearly scoped in the skill's stated purpose.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding
The trigger phrases are broad, generic travel intents such as '推荐旅行目的地' ("recommend travel destinations") and '适合去哪玩' ("where is a good place to go"), which can easily match ordinary conversation and cause the skill to activate when the user did not explicitly request a personality test. Unintended activation can steer the conversation into this skill's workflow and, in this case, may also lead to unnecessary use of the optional external integration for recommendations or pricing.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The README advertises real-time destination and price queries through an external service, but it does not clearly disclose that user queries may be transmitted to a third-party API or that network access/API credentials are involved. This creates a privacy and transparency risk because users and operators may not understand that travel preferences, destination requests, or other inputs could leave the local agent environment.

Missing User Warnings

Severity: High
Confidence: 99%
Finding
The skill instructs automatic dependency installation via shell without any warning, confirmation, or trust validation. In a user-facing quiz context, silently changing the environment is especially dangerous because it violates least surprise and can be abused for unauthorized code acquisition or execution.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The skill includes exporting an API key in shell form without guidance on secure secret handling. This encourages unsafe credential practices such as inline secrets in command history, logs, or shared environments, which can lead to credential leakage and downstream service abuse.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The skill sends user-derived preferences and travel intent to an external service without a privacy notice or consent step. Even if the data seems low sensitivity, it still constitutes user profiling and query metadata being transferred off-platform, which is inappropriate when hidden behind a casual personality test.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding
The trigger phrases are broad enough to activate on ordinary travel-planning requests such as '推荐旅行目的地' ("recommend travel destinations") or '适合去哪玩' ("where is a good place to go"), which do not necessarily indicate that the user wants a personality test. This can cause unintended skill invocation, redirecting user intent and potentially causing the agent to collect quiz answers or route requests through a dependency when the user only wanted general travel advice.

Natural-Language Policy Violations

Severity: Medium
Confidence: 84%
Finding
The skill metadata and examples are entirely Chinese-oriented, which suggests the interaction is designed to proceed in Chinese without checking the user's language preference. While not a classic security flaw, forced-language behavior can mislead users, impair consent and comprehension, and increase the chance that they approve actions or share information without fully understanding the flow.

VirusTotal

58/58 vendors flagged this skill as clean.
