Flight

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent flight helper, but it includes instructions that could let an agent book or rebook flights without clear user approval.

Use this skill for flight research and alerts only if you keep booking, payment, cancellation, and rebooking behind explicit approval. Be careful before sharing loyalty credentials, and review or delete saved files containing PNRs and travel history.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This markdown file explicitly says preferences persist in `~/flight/memory.md` and that searches, bookings, alerts, and history are stored under `~/flights/`, including sensitive reservation data such as PNRs. The description does not warn users that personal travel data will be written to disk or retained across updates, which is a missing user warning for privacy-impacting behavior in a markdown skill description.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The markdown lists AwardWallet as requiring user credentials, but it does not include any warning about privacy, secure handling, or risks associated with providing account credentials. For a markdown skill description, mentioning credential use without a corresponding user-facing caution can omit important disclosure about privacy and account-security impact.

Natural-Language Policy Violations

Medium
Confidence
79% confidence
Finding
The line states that Google Flights has no public API and says it must be scraped despite noting legal risk. This is a natural-language instruction that encourages behavior likely to violate organizational or platform-use policies, even though the risk is acknowledged.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
- For families: verify adjacent seat availability before booking, not after
- Set price alerts on flexible dates (±3 days) for better deal coverage
- Track flight status starting 24h before departure — proactive rebooking on delays
- Never book non-refundable for trips >30 days out without asking
- When comparing award bookings: calculate cents-per-point against cash price
- Warn about tight connections (<90min domestic, <2h international)
- For multi-city: check if separate bookings are cheaper than one ticket
Confidence
75% confidence
Finding
without asking

Hidden Instructions

High
Category
Prompt Injection
Content
```markdown
## Home Airports
<!-- Primary airports. Format: "IATA, IATA" -->
<!-- Examples: MAD, BCN | JFK, EWR, LGA -->

## Preferred Airlines
```
Confidence
70% confidence
Finding
<!-- Primary airports. Format: "IATA, IATA" --> <!-- Examples: MAD, BCN | JFK, EWR, LGA --> ## Preferred Airlines <!-- Airlines or alliances. Format: "airline | alliance" --> <!-- Examples: Iberia, B

VirusTotal

64/64 vendors flagged this skill as clean.
