ClawHub

photography-trip

Security checks across malware telemetry and agentic risk

Overview

This skill is mainly a flight-search helper, but it tells the agent to automatically install and run an unpinned global npm CLI for broad travel requests.

Review before installing. Use this only if you trust `@fly-ai/flyai-cli` and are comfortable with a global npm install; otherwise require manual approval, a pinned or sandboxed install, and clearer limits on when the skill may run flight-search commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The skill explicitly says agents must never invent CLI parameters and only use flags from the documented parameter table, yet Playbook D uses `--journey-type 1`, which is not documented there. This inconsistency can cause agents to ignore the documented safety contract, normalize undocumented behavior, and potentially execute unsupported or unintended CLI functionality.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The activation triggers include broad phrases such as `plan a trip`, which overlap with many ordinary travel-planning requests outside the stated photography-flight niche. Overbroad routing increases the chance this skill is invoked for unrelated queries, causing unnecessary CLI execution, inappropriate system actions, or misleading travel-booking behavior.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The manifest description advertises a very broad travel assistant scope including hotels, trains, tickets, insurance, visas, and more, while the body of the skill is primarily about photography-trip flights. This mismatch creates ambiguous invocation boundaries and may cause an agent to route unrelated travel tasks into a skill whose procedures and safeguards do not actually cover them.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill instructs the agent to automatically run `npm i -g @fly-ai/flyai-cli` if the CLI is missing, which modifies the host environment without explicit user consent or warning. Automatic global package installation is dangerous because it executes code from an external registry, changes system state, and can introduce supply-chain or persistence risks on the user's machine.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The trigger terms for the cheapest-option playbook include very broad words like "cheap" and "budget", which can appear in many user utterances without clearly indicating consent to optimize for lowest price. This can cause the agent to invoke the wrong playbook and steer users toward undesired itineraries, creating integrity and reliability issues in booking flows.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The fastest-route playbook is keyed off generic terms like "fast" and "quick", which are ambiguous and may refer to response speed or general travel planning rather than a request for the fastest flight. This can misroute the workflow and prioritize speed over cost or user preference, leading to unintended bookings or misleading recommendations.

Vague Triggers

Low
Confidence
70% confidence
Finding
The fallback condition of "0 results from above playbooks" is underspecified because it does not define which playbooks were attempted, how many retries are allowed, or what constraints should be preserved. Ambiguous fallback logic can broaden searches unexpectedly and trigger keyword-based queries that are less controlled, increasing the chance of irrelevant or unintended results.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal