proposal-trip

Security checks across malware telemetry and agentic risk

Overview

This travel skill is mostly coherent, but it tells agents to automatically install and run an unpinned global npm CLI, so it needs user review before use.

Install only if you trust the flyai npm CLI and are comfortable sending travel search details to that service. Do not allow an agent to perform the global npm install automatically; review the package, prefer a pinned version, and use a sandbox or disposable environment when possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Medium, 94% confidence
The skill explicitly says agents must never invent CLI parameters and may only use flags listed in the Parameters Table, yet later instructs use of `--journey-type 1`, which is undocumented in that table. This inconsistency can cause unsafe agent behavior, because the model may rely on hidden or unstated flags and normalize bypassing its own parameter constraints.

Vague Triggers

Medium, 87% confidence
The activation rules include broad phrases like "plan a trip," which overlap with many ordinary travel requests outside the narrow proposal-trip scope. Over-broad activation increases the chance this skill hijacks unrelated queries and triggers unnecessary command execution or package installation paths.

Missing User Warnings

Medium, 98% confidence
The skill instructs automatic global installation of `@fly-ai/flyai-cli` via `npm i -g` if the tool is missing, without user consent, warning, or trust verification. That creates a supply-chain and unauthorized system modification risk, especially in agent environments where the user asked for travel help, not software installation.

VirusTotal

65/65 vendors flagged this skill as clean.