ClawHub
Back to skill

Security audit

red-flights

Security checks across malware telemetry and agentic risk

Overview

This travel-search skill is mostly coherent, but it asks agents to modify the local system and store raw travel queries without clear user control.

Review before installing. Use it only if you are comfortable with flyai receiving your travel search details, and do not allow automatic global or sudo npm installs; install any CLI yourself in a least-privilege environment. Treat `.flyai-execution-log.json` as potentially sensitive because it may contain raw routes, dates, preferences, and command history.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
88% confidence
Finding
Treating any non-zero exit code as a trigger for this fallback is too broad because many unrelated failures can produce non-zero exits, causing the agent to switch into an inappropriate recovery path. In this skill, that can lead to misleading searches, disclosure of raw debugging commands, or behavior that no longer reflects the user’s actual request, reducing reliability and potentially exposing internal command details.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
Automatically searching the next available date after detecting an invalid or past date changes the user’s request without consent. In a travel-booking context, this can produce misleading recommendations or downstream booking actions for dates the user did not intend, creating a real risk of unwanted reservations, pricing errors, or trust erosion.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The runbook explicitly stores the raw user query and appends execution logs to a local file, creating unnecessary persistence of potentially sensitive travel data, personal identifiers, or booking details. Because this is an internal log not shown to users and no notice, minimization, or retention controls are described, it increases privacy and data exposure risk if the host filesystem, logs, or support bundles are accessed.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal