Aerobase Travel Flights

Security checks across malware telemetry and agentic risk

Overview

This flight skill is mostly coherent, but it expands from search into booking and raw card-payment handling without clear enough upfront disclosure or safeguards.

Install only if you understand that this is not just a flight-search skill; it may support booking workflows and sensitive passenger/payment data handling. Use it for search and validation with normal caution, and avoid entering raw card details through the agent unless Aerobase provides a clearly PCI-compliant, user-approved checkout or redirect flow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The skill is presented in its manifest and top-level description as a flight search/compare/score capability, but the documented API surface also includes booking creation and booking-history access. This scope mismatch can mislead users and host agents into enabling a higher-risk transactional skill than intended, increasing the chance that sensitive booking, identity, or payment actions occur without appropriate review or consent boundaries.

Intent-Code Divergence

High
Confidence: 98%
Finding
The documentation claims there is 'no user credential collection,' yet later defines a booking flow that accepts full payment card details and extensive passenger identity data. Even if cards are not traditional login credentials, this is highly sensitive data collection, and the contradictory framing may lower operator caution and cause unsafe handling of PCI/PII through an agent channel not designed for it.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill documents transmission of raw passenger identity fields and payment card data to a booking endpoint without prominent privacy, retention, consent, or secure-handling guidance. In an agent setting, this creates substantial risk of exposing PCI/PII in prompts, logs, transcripts, or intermediary tooling, especially if the host platform is not approved for cardholder data processing.

VirusTotal

65/65 vendors flagged this skill as clean.
