ClawHub

Cabin Flights

Security checks across malware telemetry and agentic risk

Overview

This flight-booking skill matches its stated purpose, but it handles passenger personal data and can lead agents toward real, potentially irreversible USDC payments without enough explicit safeguards.

Review before installing. Use this only with explicit user approval for each booking and each payment, verify passenger details, fare, amount, Base deposit address, and network, and do not give the agent unattended wallet authority. Assume booking data will be sent to Cabin and travel providers.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README documents a workflow that collects sensitive passenger PII and initiates cryptocurrency payment, but it does not warn users that booking data will be transmitted to external services or that blockchain payments are typically irreversible. In an agent context, this omission can lead automated systems or users to submit personal data and funds without informed consent, increasing privacy, financial, and compliance risk.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The booking flow instructs the agent to collect and transmit sensitive passenger PII, including full name, email, date of birth, and gender, to a third-party API without any explicit notice to the user about data sharing, retention, or privacy implications. In an agent setting, this can lead to users disclosing regulated or sensitive travel data without informed consent.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The skill enables real-world booking and cryptocurrency payment but does not clearly warn that booking creates a real financial commitment and that USDC transfers may be irreversible. In an autonomous or semi-autonomous agent context, this raises the risk of accidental purchases, payment to an incorrect address, or user misunderstanding of the consequences.

External Transmission

Medium
Category
Data Exfiltration
Content
### Book

```bash
curl -X POST https://api.cabin.team/v1/book \
  -H "Content-Type: application/json" \
  -d '{
    "offer_id": "offer_1",
Confidence
89% confidence
Finding
https://api.cabin.team/

External Transmission

Medium
Category
Data Exfiltration
Content
When the user wants to book:

```bash
curl -X POST https://api.cabin.team/v1/book \
  -H "Content-Type: application/json" \
  -d '{
    "offer_id": "offer_1",
Confidence
84% confidence
Finding
https://api.cabin.team/

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal