ClawHub

flight-monitor

Security checks across malware telemetry and agentic risk

Overview

This flight-monitoring skill is purpose-aligned and discloses its local storage, scheduled monitoring, network lookups, and optional push notifications, though users should treat saved keys and travel history as sensitive.

Install only if you are comfortable with the skill saving flight history and monitor tasks under ~/.workbuddy and sending flight lookup or alert details to Ctrip and any optional push/API provider you configure. Use revocable notification/API keys and remove monitors or config files when you no longer need them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue AgentSelf-Modification, Session Persistence
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill instructs the agent to use shell commands, write files under the user's home directory, and send network requests, yet it declares no permissions or user-facing warning about these capabilities. This creates a transparency and consent problem: users may invoke a seemingly simple flight lookup skill without realizing it can persist data locally and transmit data externally.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The documentation states that flight history is stored in the user's home directory, but it does not clearly warn the user beforehand that local files will be created and retained. While not inherently malicious, silent persistence can expose travel history to other local users, backups, or forensic review.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill sends alerts through third-party push services, but it does not clearly inform the user that notification content and service credentials may be transmitted to external providers. Travel details can be sensitive, and external push platforms may log or process titles, message bodies, and URLs.

Missing User Warnings

Low
Confidence
90% confidence
Finding
The skill persists notification configuration, including push credentials, to disk without an explicit warning about credential storage. Persisted tokens in a predictable path can be exposed through local compromise, backups, or accidental sharing of the home directory.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script stores the zbape API key in a plaintext JSON file under the user's home directory without setting restrictive file permissions or warning the user. Local plaintext credential storage increases the risk of key disclosure through other local users, backups, logs, or malware, especially on shared or loosely managed systems.

Session Persistence

Medium
Category
Rogue Agent
Content
### Option C — PushDeer (open source, Android & iOS)

1. Install PushDeer app or use web version at https://www.pushdeer.com/
2. Create a device and copy the push key
3. Configure: `python scripts/notify.py --setup pushdeer --key <YOUR_KEY>`

Configuration is saved to `~/.workbuddy/flight-monitor/notify_config.json`.
Confidence
84% confidence
Finding
Create a device and copy the push key 3. Configure: `python scripts/notify.py --setup pushdeer --key <YOUR_KEY>` Configuration is saved to `~/.workbuddy

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal